
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1498101
MD5: 5bcfae8097a09c47fc7fa3cadfeb39ae
SHA1: 229048e91ba78dbbade7a95f197ed8ffdf064b5a
SHA256: 6a4d5fa1f240b1ea51164de317aa376bbc1bbddeb57df23238413c5c21ca9db0
Tags: exe

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
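The static findings in this list (32-bit PE, the EXECUTABLE_IMAGE / LARGE_ADDRESS_AWARE / 32BIT_MACHINE characteristics, non-standard section names, the compiled-AutoIt verdict) and the digests under General Information can be re-checked on the file itself before anything else is trusted. The script below is an added example, not Joe Sandbox code: it parses only as much of the PE header as those findings need, compares the three digests with the ones the report lists, and scans for the two marker strings that public YARA rules use to recognise compiled AutoIt stubs. The marker strings are an assumption taken from such rules, not something the report states, and the PE bytes it runs on are constructed inside the script (the real file.exe is not included).

```python
"""Static re-check of the report's findings: digests, PE characteristics,
section names and compiled-AutoIt markers.

Added example, not Joe Sandbox code. SAMPLE_PLAIN and SAMPLE_AUTOIT are
constructed here; the AutoIt marker strings are assumed from public YARA
rules, not taken from the report."""
import hashlib
import struct

# Digests exactly as listed under General Information in the report.
REPORT_HASHES = {
    "md5": "5bcfae8097a09c47fc7fa3cadfeb39ae",
    "sha1": "229048e91ba78dbbade7a95f197ed8ffdf064b5a",
    "sha256": "6a4d5fa1f240b1ea51164de317aa376bbc1bbddeb57df23238413c5c21ca9db0",
}

# IMAGE_FILE_* flags from the COFF header, in the order the report prints them.
CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}
# Assumed markers (see lead-in): the AU3 script header tag and the stub's error text.
AUTOIT_MARKERS = (b"AU3!EA06", b"This is a third-party compiled AutoIt script.")


def hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, report: dict) -> dict:
    """True per algorithm only if the file on disk is the file the report analysed."""
    got = hashes(data)
    return {alg: got[alg] == digest.lower() for alg, digest in report.items()}


def pe_summary(data: bytes) -> dict:
    """Parse just enough of the PE headers to reproduce the static findings."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, _, _, _, opt_size, flags = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]   # 0x10B = PE32, 0x20B = PE32+
    sec_off = e_lfanew + 24 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsec):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "bits": 32 if magic == 0x10B else 64,
        "characteristics": [name for bit, name in CHARACTERISTICS.items() if flags & bit],
        "sections": names,
        "nonstandard_sections": [n for n in names if n not in STANDARD_SECTIONS],
    }


def looks_like_compiled_autoit(data: bytes) -> bool:
    return any(marker in data for marker in AUTOIT_MARKERS)


def build_sample_pe(sections, trailer=b"") -> bytes:
    """Constructed minimal PE32 image, used only to exercise the parser."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    flags = 0x0002 | 0x0020 | 0x0100
    optional = struct.pack("<H", 0x10B).ljust(224, b"\0")       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(optional), flags)
    headers = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in sections)
    return dos + b"PE\0\0" + coff + optional + headers + trailer


SAMPLE_PLAIN = build_sample_pe([".text", ".rdata", ".data", ".rsrc", ".reloc"])
SAMPLE_AUTOIT = build_sample_pe([".text", ".rdata", ".data", ".xyz", ".rsrc"],
                                trailer=b"\0" * 16 + b"AU3!EA06" + b"\0" * 16)


def triage(data: bytes, report: dict = REPORT_HASHES) -> dict:
    info = pe_summary(data)
    info["hash_matches_report"] = matches_report(data, report)
    info["compiled_autoit"] = looks_like_compiled_autoit(data)
    return info


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_AUTOIT
    for key, value in triage(blob).items():
        print(f"{key:24} {value}")
```

Run it with the real sample as the first argument; all three digests must come back True before the rest of the report is applied to the file in hand, and a False on any one of them means the file has been modified or is simply a different build.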

Classification

  • System is w10x64
  • file.exe (PID: 6716 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5BCFAE8097A09C47FC7FA3CADFEB39AE)
    • msedge.exe (PID: 6148 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7268 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2032,i,17235730763845207271,9954628077255362807,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 5556 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5576 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5772 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8428 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8205cf2-3fc0-4029-8ece-1522148321f6} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d8296dd10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7384 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -parentBuildID 20230927232528 -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc14055a-cb3b-4982-b2ae-49b5b90d95b7} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d95a12610 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7360 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7800 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9048 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9388 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6488 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9396 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7216 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9484 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 10228 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched
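The process tree above shows the one behaviour that stands out from the generic signature list: an executable run from the user's Desktop starts both msedge.exe and firefox.exe with the Google account password-challenge URL as their argument, while the keystroke-polling and clipboard signatures are present in the same binary. The detection below is an added example, not Joe Sandbox or Sysmon code; it uses the Sysmon event 1 field names (ParentImage, Image, CommandLine), and the event records it runs on are constructed from the command lines in this report rather than exported from a real host. The list of login hosts beyond accounts.google.com and the browser list are assumptions for a real rule.

```python
"""Flag a browser launched straight into a sign-in page by a parent that
does not live in a trusted install directory.

Added example, not Joe Sandbox or Sysmon code. SAMPLE_EVENTS is constructed
from the command lines in the report; LOGIN_HOSTS beyond accounts.google.com
and BROWSERS are assumptions."""
import re
from urllib.parse import urlparse

BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe", "brave.exe"}
# accounts.google.com is the host this sample opened; the others are assumed.
LOGIN_HOSTS = {"accounts.google.com", "login.microsoftonline.com", "login.live.com"}
LOGIN_PATH = re.compile(r"/(signin|login|servicelogin|challenge)", re.I)
# Parents under these prefixes are treated as trusted. C:\Windows\Temp and
# C:\Windows\Tasks are user-writable, so a production rule should list
# explorer.exe and the browsers individually instead of a whole prefix.
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")
URL_RE = re.compile(r"https?://\S+")


def basename(image: str) -> str:
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_login_url(url: str) -> bool:
    parsed = urlparse(url)
    if parsed.hostname and parsed.hostname.lower() in LOGIN_HOSTS:
        return True
    return bool(LOGIN_PATH.search(parsed.path))


def suspicious_browser_launches(events):
    """events: process-creation records with ParentImage, Image, CommandLine.
    Returns (parent image, browser image, url) for every hit."""
    hits = []
    for ev in events:
        if basename(ev["Image"]) not in BROWSERS:
            continue
        if ev["ParentImage"].lower().startswith(TRUSTED_PREFIXES):
            continue
        # Browser helper processes (--type=utility, --type=renderer, ...) are
        # children of the browser and already excluded above; this keeps them
        # out even if the trust list is tightened later.
        if "--type=" in ev["CommandLine"]:
            continue
        for url in URL_RE.findall(ev["CommandLine"]):
            if is_login_url(url):
                hits.append((ev["ParentImage"], ev["Image"], url))
    return hits


LOGIN_URL = ("https://accounts.google.com/ServiceLogin?service=accountsettings"
             "&continue=https://accounts.google.com/v3/signin/challenge/pwd")
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

# Constructed from the report's process tree; not a real telemetry export.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\user\Desktop\file.exe",
     "CommandLine": r'"C:\Users\user\Desktop\file.exe"'},
    {"ParentImage": r"C:\Users\user\Desktop\file.exe",
     "Image": EDGE, "CommandLine": f'"{EDGE}" {LOGIN_URL}'},
    {"ParentImage": EDGE, "Image": EDGE,
     "CommandLine": f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB'},
    {"ParentImage": r"C:\Users\user\Desktop\file.exe",
     "Image": FIREFOX, "CommandLine": f'"{FIREFOX}" {LOGIN_URL}'},
    # benign control: a link opened from Explorer to a non-login page
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": EDGE, "CommandLine": f'"{EDGE}" https://example.org/news'},
]

if __name__ == "__main__":
    for parent, child, url in suspicious_browser_launches(SAMPLE_EVENTS):
        print(f"{basename(parent)} -> {basename(child)}  {url}")
```

The rule fires twice on the constructed events, once for each browser, and stays silent for the Edge utility process and for the Explorer-launched control. Pair it with a check for GetAsyncKeyState/GetKeyState polling in the parent (the "key state polling based" signature above) to raise the severity: a process that opens a password prompt and reads key state at the same time is the classic overlay-phishing pattern.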


AV Detection

Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0052DBBE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004FC2A2 FindFirstFileExW,0_2_004FC2A2
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005368EE FindFirstFileW,FindClose,0_2_005368EE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0053698F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0052D076
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0052D3A9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00539642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00539642
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0053979D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00539B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00539B2B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00535C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00535C97
Source: firefox.exe | Memory has grown: Private usage: 1MB later: 94MB
Source: Joe Sandbox View | IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View | IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View | IP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox View | IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 (7 entries in the report)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (18 entries in the report)
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.40 (9 entries in the report)
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.165.142 (16 entries in the report)
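The "TCP traffic detected without corresponding DNS query" signature above is a correlation, not a lookup: every outbound connection to a public address is checked against the A records the sandbox saw before it, and the HTTP requests listed further down (Edge asset services, Firefox captive-portal probes, Windows Update) show why it is noisy when browsers are in the tree, since they reuse cached or pre-resolved addresses. The script below is an added example, not Joe Sandbox code, that reproduces the check with the two details that matter in practice: the answer must precede the connection and still be inside its TTL, and private, loopback and link-local destinations are excluded. The DNS answers and hostnames in the sample log are invented for the demonstration; only the destination IPs are taken from the report.

```python
"""Correlate outbound TCP flows with the DNS answers that should explain
them, as the sandbox signature above does.

Added example, not Joe Sandbox code. DNS_LOG and FLOW_LOG are constructed:
the hostnames and A records are invented, the destination IPs are the ones
listed in the report."""
import ipaddress
import re

DNS_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) A (\S+) ttl=(\d+) (.+)$")
FLOW_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\S+) -> (\S+):(\d+)$")


def secs(h, m, s) -> int:
    return int(h) * 3600 + int(m) * 60 + int(s)


def load_dns(lines):
    """ip -> [(qname, answered_at, expires_at)]; one IP may come from several names."""
    table = {}
    for line in lines:
        m = DNS_RE.match(line)
        if not m:
            continue
        t = secs(*m.group(1, 2, 3))
        qname, ttl = m.group(4), int(m.group(5))
        for ip in m.group(6).split():
            table.setdefault(ip, []).append((qname, t, t + ttl))
    return table


def is_routable(ip: str) -> bool:
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved)


def flows_without_dns(flow_lines, dns_lines):
    """Return (flow line, reason) for each connection to a public IP that no
    DNS answer explains at the moment it was made."""
    table = load_dns(dns_lines)
    findings = []
    for line in flow_lines:
        m = FLOW_RE.match(line)
        if not m:
            continue
        t = secs(*m.group(1, 2, 3))
        dst = m.group(5)
        if not is_routable(dst):
            continue   # resolver, gateway, loopback: never resolved by design
        answers = table.get(dst, [])
        if not answers:
            findings.append((line, "no DNS answer for this IP"))
        elif not any(start <= t <= end for _, start, end in answers):
            findings.append((line, "DNS answer exists but not within its TTL window"))
    return findings


# Constructed sample log. Hostnames and records are invented; IPs are from the report.
DNS_LOG = [
    "14:52:00 A login.example.com ttl=300 172.217.165.142",
    "14:52:03 A portal.example.net ttl=60 34.120.208.123",
]
FLOW_LOG = [
    "14:51:59 192.168.2.5 -> 172.217.165.142:443",   # connect before the answer arrived
    "14:52:01 192.168.2.5 -> 172.217.165.142:443",   # explained by the first A record
    "14:52:02 192.168.2.5 -> 184.28.90.27:443",      # never resolved: hard-coded or cached
    "14:52:04 192.168.2.5 -> 34.120.208.123:443",    # explained
    "14:52:05 192.168.2.5 -> 23.1.237.91:443",       # never resolved
    "14:52:06 192.168.2.5 -> 192.168.2.1:53",        # private destination: ignored
    "14:53:10 192.168.2.5 -> 34.120.208.123:443",    # 60 s TTL expired at 14:53:03
]

if __name__ == "__main__":
    for flow, why in flows_without_dns(FLOW_LOG, DNS_LOG):
        print(f"{flow:48} {why}")
```

Four of the seven constructed flows are flagged. In a real pipeline the first thing to add is the originating process: a connection with no DNS answer coming from file.exe itself is far more interesting than the same connection coming from msedge.exe, which also resolves over DoH and keeps its own address cache, and the report's HTTP section shows that the browsers and the update agent, not the sample, generated the traffic seen here.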
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0053CE44
Source: global traffic | HTTP traffic detected:
  GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
  Host: api.edgeoffer.microsoft.com
  Connection: keep-alive
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
  Host: clients2.googleusercontent.com
  Connection: keep-alive
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
  Host: edgeassetservice.azureedge.net
  Connection: keep-alive
  Edge-Asset-Group: Shoreline
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=867400062&timestamp=1724424724067 HTTP/1.1
  Host: accounts.youtube.com
  Connection: keep-alive
  sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-full-version: "117.0.5938.132"
  sec-ch-ua-arch: "x86"
  sec-ch-ua-platform: "Windows"
  sec-ch-ua-platform-version: "10.0.0"
  sec-ch-ua-model: ""
  sec-ch-ua-bitness: "64"
  sec-ch-ua-wow64: ?0
  sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: iframe
  Referer: https://accounts.google.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
  Host: edgeassetservice.azureedge.net
  Connection: keep-alive
  Edge-Asset-Group: EntityExtractionDomainsConfig
  Sec-Mesh-Client-Edge-Version: 117.0.2045.47
  Sec-Mesh-Client-Edge-Channel: stable
  Sec-Mesh-Client-OS: Windows
  Sec-Mesh-Client-OS-Version: 10.0.19045
  Sec-Mesh-Client-Arch: x86_64
  Sec-Mesh-Client-WebView: 0
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-arch: "x86"
  sec-ch-ua-full-version: "117.0.5938.132"
  sec-ch-ua-platform-version: "10.0.0"
  sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
  sec-ch-ua-bitness: "64"
  sec-ch-ua-model: ""
  sec-ch-ua-wow64: ?0
  sec-ch-ua-platform: "Windows"
  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://accounts.google.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
  Host: edgeassetservice.azureedge.net
  Connection: keep-alive
  Edge-Asset-Group: ProductCategories
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LYmUv1Z1vAtRz55&MD=53Fve3aL HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725029519&P2=404&P3=2&P4=kHCyqCMN7zkIUvouF1wInfVmnvvun6sXGzu4nJH8qR8yAkiljdm8KB5Je4FSvzGzGaXiSaQzhmUJ7ml3L8vKFg%3d%3d HTTP/1.1
  Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  Connection: keep-alive
  MS-CV: Tn1qygMsWGvvhapf6VDhHS
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LYmUv1Z1vAtRz55&MD=53Fve3aL HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Source: global traffic | HTTP traffic detected:
  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
(The two detectportal.firefox.com requests above are listed five times each in the report.)
Source: firefox.exe, 00000006.00000003.2201717155.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2432819873.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441248614.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2201717155.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2432819873.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441248614.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: 000003.log6.8.dr | String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log6.8.dr | String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log6.8.dr | String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.2437511149.0000015D95169000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2242524831.0000015D951E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2437511149.0000015D951E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2437511149.0000015D95169000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2242524831.0000015D951E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2437511149.0000015D951E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2242524831.0000015D9518D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
Source: firefox.exe, 00000006.00000003.2486358478.0000015D93261000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200906501.0000015D93259000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2736944997.0000015D93261000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897818413.0000015D93261000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244829606.0000015D93269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000006.00000003.2486424122.0000015D92E40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486714185.0000015D917C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000006.00000003.2486424122.0000015D92E40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2898040155.0000015D92E1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2440564476.0000015D93B2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2712892628.0000015D9411B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000006.00000003.2439898509.0000015D95142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000006.00000003.2737220441.0000015D92E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2196741356.0000015D93E3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000006.00000003.2899584479.0000015D8F050000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000006.00000003.2719664374.0000015D917D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2174707022.0000015D93EA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2737220441.0000015D92E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000006.00000003.2432819873.0000015D92E6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2737220441.0000015D92E1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2899584479.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000006.00000003.2899584479.0000015D8F081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2246807953.0000015D8F081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F081000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2899584479.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000006.00000003.2899584479.0000015D8F081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2246807953.0000015D8F081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F081000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressionsC:
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2899584479.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000006.00000002.3277176208.0000015D82903000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/strings
Source: firefox.exe, 00000006.00000003.2200394149.0000015D93748000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2118376329.0000015D95F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2118376329.0000015D95FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173453927.0000015D95FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2190157556.0000015D95F33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173453927.0000015D95F3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180202134.0000015D93CD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2442594965.0000015D95B81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2194745815.0000015D95AD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2090222771.0000015D93FD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2203935936.000001600003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2174402320.0000015D95A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2092344524.0000015D93FD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2121499158.0000015D95AD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2118376329.0000015D95FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D93748000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2851907346.0000015D93FED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173453927.0000015D95F63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2093360118.0000015D93FED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2182116177.0000015D93FD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000006.00000003.2439898509.0000015D95142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000006.00000003.2439898509.0000015D95142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000006.00000003.2174164489.0000015D95CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897864302.0000015D92E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2121746944.0000015D956AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000006.00000003.2174164489.0000015D95C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:
Source: firefox.exe, 00000006.00000003.2174164489.0000015D95C7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulN
Source: firefox.exe, 00000006.00000003.2194476354.0000015D95CC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2174164489.0000015D95CC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: firefox.exe, 00000010.00000002.3276689279.000002640B258000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000003.2118657504.000002640B258000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.6.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000006.00000003.2185679325.0000015D96821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000006.00000003.2174164489.0000015D95CEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2194225957.0000015D95CEC000.00000004.00000800.00020000.00000000.sdmp, Session_13368898317734783.8.dr | String found in binary or memory: https://accounts.google.com
Source: MediaDeviceSalts.8.dr, Session_13368898317734783.8.dr | String found in binary or memory: https://accounts.google.com/
Source: MediaDeviceSalts.8.dr | String found in binary or memory: https://accounts.google.com//~
Source: History.8.dr | String found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/v3/signin/challeng
Source: firefox.exe, 0000000C.00000002.3271487419.00000162160DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/Service
Source: firefox.exe, 00000010.00000002.3271134713.000002640A460000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.goog
Source: firefox.exe, 0000000C.00000002.3275309042.0000016216490000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.goog.
Source: Session_13368898317734783.8.dr | String found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: Session_13368898317734783.8.dr | String found in binary or memory: https://accounts.google.com/_/bscframe
Source: Favicons.8.dr | String found in binary or memory: https://accounts.google.com/favicon.ico
Source: file.exe, 00000000.00000003.2017978831.0000000001140000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.2022018646.000002033A5E3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.2021003081.000002033A5DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: file.exe, 00000000.00000003.2017978831.000000000115C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2018661291.000000000115C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdr.
Source: file.exe, 00000000.00000002.2018619005.0000000001108000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdt
Source: WebAssistDatabase.8.dr | String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: 000003.log0.8.dr | String found in binary or memory: https://accounts.youtube.com/
Source: Session_13368898317734783.8.dr | String found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=86740
Source: firefox.exe, 00000006.00000003.2898362137.0000015D917AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000006.00000003.2242524831.0000015D9518D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000006.00000003.2719714796.0000015D917D5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000006.00000002.3277176208.0000015D8290E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.dr | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.dr | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 00000006.00000003.2196024406.0000015D95077000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mo
Source: Reporting and NEL.9.dr | String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.8.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.8.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json0.8.dr | String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.8.dr | String found in binary or memory: https://chromewebstore.google.com/
Source: b8105376-8f06-410b-9a08-d945aea23ee5.tmp.9.dr, 2c26bf84-7059-43d9-8f6a-ebaacc34bd89.tmp.9.dr | String found in binary or memory: https://clients2.google.com
Source: manifest.json.8.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.dr | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.dr | String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000006.00000002.3277176208.0000015D8290E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3277176208.0000015D82932000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.9.dr | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.9.dr | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.9.dr | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.9.dr | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.8.dr | String found in binary or memory: https://docs.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.8.dr | String found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441067482.0000015D932F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200485500.0000015D932F7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/
Source: Web Data.8.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.8.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.8.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log6.8.dr | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log6.8.dr | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log6.8.dr | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log7.8.dr | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 000003.log6.8.dr | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 000003.log8.8.dr | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
Source: 000003.log6.8.dr | String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000006.00000003.2190521554.0000015D95EC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2435558023.0000015D95EDF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000006.00000002.3280197064.0000015D8F0DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: b8105376-8f06-410b-9a08-d945aea23ee5.tmp.9.dr, 2c26bf84-7059-43d9-8f6a-ebaacc34bd89.tmp.9.dr | String found in binary or memory: https://fonts.gstatic.com
Source: firefox.exe, 00000006.00000003.2898362137.0000015D917AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2898540246.0000015D8FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2246184999.0000015D8FBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000006.00000003.2194441162.0000015D95CCB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google.com
Source: firefox.exe, 00000006.00000003.2431971676.0000015D95A98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2174402320.0000015D95A98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2121499158.0000015D95A98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2718627897.0000015D95A98000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google.com/
Source: firefox.exe, 00000006.00000003.2660510054.00002EE05AA80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google.comZ
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000006.00000002.3277176208.0000015D8290E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://ideas.mozilla.org/
Source: prefs-1.js.6.dr | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000006.00000003.2245799790.0000015D917CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000006.00000003.2736944997.0000015D93261000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2719027215.0000015D94F7C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/3c7034d6-bc52-43bb-9a23-5da34ee205e0/health/
Source: firefox.exe, 00000006.00000003.2736944997.0000015D93261000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/a83301c6-790b-49f3-adc7-55a855f7fe79/main/Fi
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000006.00000003.2174547734.0000015D9429D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195684322.0000015D9508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2440077084.0000015D9508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2113949107.0000015D9508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2122196470.0000015D9508D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000006.00000003.2113949107.0000015D9506F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000006.00000003.2441714108.0000015D917AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195684322.0000015D9508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2113949107.0000015D9508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2122196470.0000015D9508D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000006.00000003.2185679325.0000015D96821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.comZ
Source: firefox.exe, 00000006.00000003.2185679325.0000015D96821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000006.00000002.3277176208.0000015D829D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.0000016216372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A58C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000006.00000003.2246184999.0000015D8FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s4
Source: firefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000006.00000003.2245185286.0000015D92E94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000006.00000003.2737220441.0000015D92E1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000006.00000003.2737220441.0000015D92E1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000006.00000003.2737729272.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441714108.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486714185.0000015D917C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000006.00000003.2737729272.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441714108.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486714185.0000015D917C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000006.00000003.2737729272.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441714108.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486714185.0000015D917C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000006.00000003.2737729272.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441714108.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486714185.0000015D917C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000006.00000003.2898040155.0000015D92E1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000006.00000003.2737729272.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441714108.0000015D917C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486714185.0000015D917C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000006.00000003.2246184999.0000015D8FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000006.00000003.2713326000.0000015D92E35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486424122.0000015D92E40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000006.00000003.2242524831.0000015D9518D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000006.00000003.2242524831.0000015D9518D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000006.00000003.2898362137.0000015D917AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000006.00000003.2436451254.0000015D95DC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2192248061.0000015D95DB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000006.00000003.2719553012.0000015D93B41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2440498285.0000015D93D5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000006.00000003.2898362137.0000015D917AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000006.00000003.2201717155.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2432819873.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441248614.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713326000.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2737220441.0000015D92E49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.dr | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.dr | String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr | String found in binary or memory: https://www.digicert.com/CPS0
Source: content_new.js.8.dr, content.js.8.dr | String found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: Web Data.8.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000006.00000003.2441067482.0000015D932D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200485500.0000015D932D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/search
Source: b8105376-8f06-410b-9a08-d945aea23ee5.tmp.9.dr, 2c26bf84-7059-43d9-8f6a-ebaacc34bd89.tmp.9.dr | String found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000006.00000002.3281531515.0000015D8F1A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3272313811.0000004918B3C000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000006.00000003.2246807953.0000015D8F05F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/N
Source: firefox.exe, 00000006.00000002.3272313811.0000004918B3C000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200906501.0000015D93259000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.comZ
Source: firefox.exe, 00000006.00000002.3281935401.0000015D8F1BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2246676118.0000015D8F1D1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000006.00000003.2201717155.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2432819873.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2441248614.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713326000.0000015D92E51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2737220441.0000015D92E49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.tsn.ca
Source: firefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.tsn.caZ
Source: firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 0_2_0053EAFF
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard | 0_2_0053ED6A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 0_2_0053EAFF
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput | 0_2_0052AA57
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00559576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW | 0_2_00559576

System Summary

Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.2013878167.0000000000582000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_4b162c3f-2
Source: file.exe, 00000000.00000000.2013878167.0000000000582000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_5f784bb8-7
Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_7ddb69b7-7
Source: file.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_ba34d2aa-1
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000002640A4F6537 NtQuerySystemInformation | 16_2_000002640A4F6537
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000002640AA79632 NtQuerySystemInformation | 16_2_000002640AA79632
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052D5EB: CreateFileW,DeviceIoControl,CloseHandle | 0_2_0052D5EB
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00521201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock | 0_2_00521201
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState | 0_2_0052E8F6
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004CBF40 | 0_2_004CBF40
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00532046 | 0_2_00532046
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004C8060 | 0_2_004C8060
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00528298 | 0_2_00528298
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004FE4FF | 0_2_004FE4FF
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004F676B | 0_2_004F676B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00554873 | 0_2_00554873
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004CCAF0 | 0_2_004CCAF0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004ECAA0 | 0_2_004ECAA0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DCC39 | 0_2_004DCC39
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004F6DD9 | 0_2_004F6DD9
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DB119 | 0_2_004DB119
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004C91C0 | 0_2_004C91C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E1394 | 0_2_004E1394
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E1706 | 0_2_004E1706
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E781B | 0_2_004E781B
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004D997D | 0_2_004D997D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004C7920 | 0_2_004C7920
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E19B0 | 0_2_004E19B0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E7A4A | 0_2_004E7A4A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E1C77 | 0_2_004E1C77
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E7CA7 | 0_2_004E7CA7
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0054BE44 | 0_2_0054BE44
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004F9EEE | 0_2_004F9EEE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E1F32 | 0_2_004E1F32
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000002640A4F6537 | 16_2_000002640A4F6537
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000002640AA79632 | 16_2_000002640AA79632
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000002640AA79672 | 16_2_000002640AA79672
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000002640AA79D5C | 16_2_000002640AA79D5C
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 004C9CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 004E0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 004DF9F2 appears 40 times
Source: file.exe, 00000000.00000003.2017978831.0000000001131000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000002.2018661291.0000000001131000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs file.exe
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal56.evad.winEXE@71/263@29/23
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005337B5 GetLastError,FormatMessageW,0_2_005337B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005210BF AdjustTokenPrivileges,CloseHandle,0_2_005210BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005216C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_005216C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005351CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_005351CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0052D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_0052D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0053648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004C42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_004C42A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f5b776c1-5b36-4243-93c7-93826cec4cad.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2032,i,17235730763845207271,9954628077255362807,262144 /prefetch:3
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8205cf2-3fc0-4029-8ece-1522148321f6} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d8296dd10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -parentBuildID 20230927232528 -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc14055a-cb3b-4982-b2ae-49b5b90d95b7} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d95a12610 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6488 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7216 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2032,i,17235730763845207271,9954628077255362807,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8205cf2-3fc0-4029-8ece-1522148321f6} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d8296dd10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -parentBuildID 20230927232528 -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc14055a-cb3b-4982-b2ae-49b5b90d95b7} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d95a12610 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6488 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7216 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV | source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb | source: firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004C42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: gmpopenh264.dll.tmp.6.dr | Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E0A76 push ecx; ret 0_2_004E0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004DF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00551C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_000002640A4F6537 rdtsc
Source: C:\Users\user\Desktop\file.exe | API coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004FC2A2 FindFirstFileExW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005368EE FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00539642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0053979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00539B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00535C97 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004C42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: firefox.exe, 0000000C.00000002.3271487419.00000162160DA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW6
Source: Web Data.8.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Web Data.8.dr | Binary or memory string: discord.comVMware20,11696428655f
Source: Web Data.8.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: global block list test formVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: firefox.exe, 00000006.00000003.2062625706.0000015D84BE5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2051932784.0000015D84C21000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2062932064.0000015D84BE5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2051932784.0000015D84BE5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3278388412.0000015D84BE0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2062932064.0000015D84C21000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2050224051.0000015D84C21000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2050224051.0000015D84BE5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3271487419.00000162160DA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3275074593.000002640AB30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3270277097.000002640A2CA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000006.00000003.2246676118.0000015D8F1BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3281935401.0000015D8F1BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3275930131.0000016216514000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.8.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.8.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: Web Data.8.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: firefox.exe, 00000010.00000002.3275074593.000002640AB30000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlla
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.8.dr | Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.8.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: firefox.exe, 00000006.00000003.2051932784.0000015D84C21000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2062932064.0000015D84C21000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2050224051.0000015D84C21000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3275074593.000002640AB30000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.8.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.8.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.8.dr | Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.8.dr | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.8.dr | Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.8.dr | Binary or memory string: dev.azure.comVMware20,11696428655j
Source: firefox.exe, 00000010.00000002.3275074593.000002640AB30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
Source: Web Data.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: firefox.exe, 0000000C.00000002.3276950842.0000016216950000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
Source: Web Data.8.drBinary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Web Data.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000002640A4F6537 rdtsc 16_2_000002640A4F6537
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0053EAA2 BlockInput,0_2_0053EAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004F2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004F2622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004C42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_004C42DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E4CE8 mov eax, dword ptr fs:[00000030h]0_2_004E4CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00520B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00520B62
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004E083F
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E09D5 SetUnhandledExceptionFilter,0_2_004E09D5
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004E0C21
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00521201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00521201
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00502BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00502BA5
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0052B226 SendInput,keybd_event,0_2_0052B226
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_005422DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_005422DA
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00521663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00521663
Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe | Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004E0698 cpuid 0_2_004E0698
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00538195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00538195
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0051D27A GetUserNameW,0_2_0051D27A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_004FB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_004FB952
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00541204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00541204
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00541806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00541806
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 12 Process Injection; Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Masquerading; 2 Valid Accounts; 1 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 12 Process Injection
Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 15 System Information Discovery; 131 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; Network Service Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: 1 Archive Collected Data; 21 Input Capture; 3 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: 2 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior Graph (rendered graph omitted) | Behavior Graph ID: 1498101 | Sample: file.exe | Startdate: 23/08/2024 | Architecture: WINDOWS | Score: 56

Source | Detection | Scanner | Label | Link
file.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://profiler.firefox.com/firefox.exe, 00000006.00000003.2245185286.0000015D92E94000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://www.msn.comfirefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200906501.0000015D93259000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://github.com/mozilla-services/screenshotsfirefox.exe, 00000006.00000003.2070588429.0000015D93800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071735889.0000015D90B46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2072708223.0000015D90B79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071885499.0000015D90B60000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://exslt.org/setsfirefox.exe, 00000006.00000003.2246807953.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2899584479.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://accounts.youtube.com/000003.log0.8.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://api.accounts.firefox.com/v1firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://exslt.org/commonfirefox.exe, 00000006.00000003.2246807953.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2899584479.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F08C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://drive-daily-2.corp.google.com/manifest.json.8.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://fpn.firefox.comfirefox.exe, 00000006.00000003.2898362137.0000015D917AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2898540246.0000015D8FBB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2246184999.0000015D8FBB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.8.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://exslt.org/dates-and-timesfirefox.exe, 00000006.00000003.2899584479.0000015D8F081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2246807953.0000015D8F081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3280197064.0000015D8F081000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 00000006.00000003.2197360955.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2073031487.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071463426.0000015D931C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2075456608.0000015D931D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2071602016.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180557426.0000015D931C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2849468071.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D931D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852803242.0000015D931D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2068773683.0000015D931D5000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://drive-daily-1.corp.google.com/manifest.json.8.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://www.youtube.com/firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://drive-daily-5.corp.google.com/manifest.json.8.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.9.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://127.0.0.1:firefox.exe, 00000006.00000003.2486358478.0000015D93261000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200906501.0000015D93259000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2736944997.0000015D93261000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897818413.0000015D93261000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244829606.0000015D93269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://bugzilla.mofirefox.exe, 00000006.00000003.2196024406.0000015D95077000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://mitmdetection.services.mozilla.com/firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://amazon.comfirefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000006.00000003.2242524831.0000015D9518D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://chromewebstore.google.com/manifest.json0.8.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://drive-preprod.corp.google.com/manifest.json.8.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000006.00000003.2246807953.0000015D8F0B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2897900903.0000015D92E4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.3273004179.00000162163C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3272130681.000002640A5D4000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://chrome.google.com/webstore/manifest.json0.8.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D95564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://spocs.getpocket.com/firefox.exe, 00000006.00000003.2404733875.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2200349337.0000015D937CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D937CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://exslt.org/stringsfirefox.exe, 00000006.00000002.3277176208.0000015D82903000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000006.00000003.2713326000.0000015D92E35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2486424122.0000015D92E40000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.6.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000006.00000003.2438946869.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://www.tsn.caZfirefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://www.tsn.cafirefox.exe, 00000006.00000003.2854160334.0000366FAF103000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://monitor.firefox.com/aboutfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://mozilla.org/MPL/2.0/.firefox.exe, 00000006.00000003.2200394149.0000015D93748000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2118376329.0000015D95F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2183093807.0000015D931AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2118376329.0000015D95FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173453927.0000015D95FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2190157556.0000015D95F33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173453927.0000015D95F3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2180202134.0000015D93CD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2442594965.0000015D95B81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2194745815.0000015D95AD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2090222771.0000015D93FD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2203935936.000001600003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2174402320.0000015D95A8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2092344524.0000015D93FD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2121499158.0000015D95AD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2118376329.0000015D95FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2713160126.0000015D93748000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2851907346.0000015D93FED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2173453927.0000015D95F63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2093360118.0000015D93FED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2182116177.0000015D93FD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://account.bellmedia.cfirefox.exe, 00000006.00000003.2185679325.0000015D96821000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://www.openh264.org/firefox.exe, 00000006.00000002.3281935401.0000015D8F1BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2246676118.0000015D8F1D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://login.microsoftonline.comfirefox.exe, 00000006.00000003.2185679325.0000015D96821000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://coverage.mozilla.orgfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000006.00000003.2439898509.0000015D95142000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2442855110.0000015D94300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.9.drfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://blocked.cdn.mozilla.net/firefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 00000006.00000003.2434724730.0000015D96875000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2240199060.0000015D968E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2195054869.0000015D9554D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2436814521.0000015D9554D000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://profiler.firefox.comfirefox.exe, 0000000C.00000002.3272606403.0000016216190000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3271545398.000002640A4B0000.00000002.08000000.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000006.00000003.2180557426.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2403847651.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2842368117.0000015D93154000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2244948414.0000015D92ED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2852938301.0000015D9317C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201264940.0000015D92EC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    Joe Sandbox version: 40.0.0 Tourmaline
                                    Analysis ID: 1498101
                                    Start date and time: 2024-08-23 16:51:05 +02:00
                                    Joe Sandbox product: CloudBasic
                                    Overall analysis duration: 0h 6m 53s
                                    Hypervisor based Inspection enabled: false
                                    Report type: full
                                    Cookbook file name: default.jbs
                                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of new started processes analysed: 23
                                    Number of new started drivers analysed: 0
                                    Number of existing processes analysed: 0
                                    Number of existing drivers analysed: 0
                                    Number of injected processes analysed: 0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode: default
                                    Analysis stop reason: Timeout
                                    Sample name: file.exe
                                    Detection: MAL
                                    Classification: mal56.evad.winEXE@71/263@29/23
                                    EGA Information:
                                    • Successful, ratio: 50%
                                    HCA Information:
                                    • Successful, ratio: 97%
                                    • Number of executed functions: 34
                                    • Number of non-executed functions: 314
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Excluded processes from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 74.125.133.84, 13.107.21.239, 204.79.197.239, 172.217.16.206, 13.107.6.158, 13.107.42.16, 2.19.126.152, 2.19.126.145, 142.250.186.99, 142.250.74.195, 2.23.209.143, 2.23.209.154, 2.23.209.150, 2.23.209.140, 2.23.209.187, 2.23.209.189, 2.23.209.149, 2.23.209.144, 2.23.209.135, 20.103.156.88, 93.184.221.240, 192.229.221.95, 172.217.18.14, 2.22.61.59, 2.22.61.56, 142.250.185.238, 142.250.64.67, 142.251.41.3, 142.250.65.163
                                    • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, edgeassetservice.azureedge.net, clients.l.google.com, location.services.mozilla.com, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, arc.msn.com, www.bing.com.edgekey.net, redirector.gvt1.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, config.edge.sky
                                    • Execution Graph export aborted for target firefox.exe, PID 5772 because it is empty
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenFile calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: file.exe
                                    No simulations
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
                                    • www.aib.gov.uk/
                                    NEW ORDER.xlsGet hashmaliciousUnknownBrowse
                                    • 2s.gg/3zs
                                    PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
                                    • 2s.gg/42Q
                                    06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
                                    • 2s.gg/3zk
                                    Quotation.xlsGet hashmaliciousUnknownBrowse
                                    • 2s.gg/3zM
                                    152.195.19.97http://ustteam.com/Get hashmaliciousUnknownBrowse
                                    • www.ust.com/
                                    13.107.246.60https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1vGet hashmaliciousUnknownBrowse
                                    • www.mimecast.com/Customers/Support/Contact-support/
                                    http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5Get hashmaliciousUnknownBrowse
                                    • wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    chrome.cloudflare-dns.comfile.exeGet hashmaliciousUnknownBrowse
                                    • 162.159.61.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 162.159.61.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 172.64.41.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 172.64.41.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 162.159.61.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 162.159.61.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 162.159.61.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 172.64.41.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 172.64.41.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 172.64.41.3
                                    example.orgfile.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    random.exeGet hashmaliciousAmadey, StealcBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 93.184.215.14
                                    services.addons.mozilla.orgfile.exeGet hashmaliciousUnknownBrowse
                                    • 18.65.39.112
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 52.222.236.120
                                    random.exeGet hashmaliciousAmadey, StealcBrowse
                                    • 52.222.236.120
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 52.222.236.23
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 52.222.236.23
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 52.222.236.120
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 52.222.236.23
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 18.65.39.85
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 52.222.236.48
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 18.65.39.4
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    CLOUDFLARENETUShttp://ezp-prod1.hul.harvard.edu/login?qurl=https://nearbystorageunitss.com/image#YmhvZmZtYW5AaGlsY29ycC5jb20=Get hashmaliciousHTMLPhisherBrowse
                                    • 104.17.25.14
                                    https://app.supercast.com/ahoy/messages/NuCwMXL7H9TYxRcbnPV2HNBC27R3XTJ7/click?signature=a81c8ff09c7aec0f320b61cbf7dd42e1a041100b&url=https://nursematte.com/asdbhewjcjfnjernfreddbecje/cloudflare-antibot#Kirsten.stevens+sueryder.orgGet hashmaliciousHTMLPhisherBrowse
                                    • 172.67.70.233
                                    script.ps1Get hashmaliciousUnknownBrowse
                                    • 172.67.190.251
                                    http://fszatrack.xyzGet hashmaliciousUnknownBrowse
                                    • 188.114.96.3
                                    FW_ SLS properties Credit application.msgGet hashmaliciousUnknownBrowse
                                    • 188.114.96.3
                                    specification details.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • 188.114.96.3
                                    https://gamma.app/docs/access-e8vjky3je6dx04nGet hashmaliciousUnknownBrowse
                                    • 104.18.11.200
                                    https://tinyurl.com/EDODHTQN#em=heidi.wiebold@trapezegroup.comGet hashmaliciousPhisherBrowse
                                    • 188.114.96.3
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 172.64.41.3
                                    700987654656676.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                    • 188.114.97.3
                                    MICROSOFT-CORP-MSN-AS-BLOCKUSCorp.AcctPayable Payment Update.pdfGet hashmaliciousUnknownBrowse
                                    • 52.123.128.14
                                    http://fszatrack.xyzGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    FW_ SLS properties Credit application.msgGet hashmaliciousUnknownBrowse
                                    • 52.113.194.132
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 94.245.104.56
                                    700987654656676.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                    • 13.107.137.11
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    http://algestconsulting20-my.sharepoint.com/:f:/g/personal/jacques_cangah_algest-consulting_com/EkolIGllKGRKhe-gd4i73uMBzF46oqcv00d-WXGnz9D-FwGet hashmaliciousUnknownBrowse
                                    • 40.99.150.66
                                    https://bstouten.sazular.com/?preview=1&v=99098329Get hashmaliciousHTMLPhisherBrowse
                                    • 13.107.21.237
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    EDGECASTUShttps://app.supercast.com/ahoy/messages/NuCwMXL7H9TYxRcbnPV2HNBC27R3XTJ7/click?signature=a81c8ff09c7aec0f320b61cbf7dd42e1a041100b&url=https://nursematte.com/asdbhewjcjfnjernfreddbecje/cloudflare-antibot#Kirsten.stevens+sueryder.orgGet hashmaliciousHTMLPhisherBrowse
                                    • 152.199.21.175
                                    http://fszatrack.xyzGet hashmaliciousUnknownBrowse
                                    • 152.199.21.175
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 152.195.19.97
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 152.195.19.97
                                    http://algestconsulting20-my.sharepoint.com/:f:/g/personal/jacques_cangah_algest-consulting_com/EkolIGllKGRKhe-gd4i73uMBzF46oqcv00d-WXGnz9D-FwGet hashmaliciousUnknownBrowse
                                    • 152.199.21.175
                                    https://bstouten.sazular.com/?preview=1&v=99098329Get hashmaliciousHTMLPhisherBrowse
                                    • 152.199.21.175
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 152.195.19.97
                                    Review_Aonoro.pdfGet hashmaliciousUnknownBrowse
                                    • 93.184.221.240
                                    http://url103.dignitycampaign.net/ls/click?upn=u001.Cas5ugePNtSf1mSWabrqo3mcJtdueilvOPTgzdlEpUd4GqCBNMVtW-2F-2F2wgGqCLpTN6dAfdijLlYq9iwquJXmE-2BZj79F37Z0CckED5TsG4fQ25o-2Fg-2FPDuwQBBWHkJ8RPrCF5saPUwaAjeZZiD8h-2FB9W48m4tIaN6GGErXkSFKFmDgBEYW1T7k-2FnXnvn8ldLi-2FIdfk0aRSirefRJxNUdOIGpZfncANcS7uFNatgOPxV2Ygm6fLOUWLotwEqsin4Y1CmtZ7BxfF5foNolE-2Boa25K-2B7wPI3V-2B767Ve4mOhPgJzLgSnGmthLVhWy6BYQf00QNI659fk8q12w02DBMlmMrw3khDr3cnNgYYng2Y5i7BXuipr6DyeGT98fM-2FKBVEQSrbKIquH3JWJaaXzReEynWFW3nTYFz4s5xNRnFU5AokDAcZstvVwxKq-2FJ1IjM1twMf6Hwg_J4YDns4pksLrb17hOXi2aOEwqj3m3dsJSi8gSl9zOoLhblODLjz6IKGTmKF92YKf5UEx9qOPJhvHxt6OvXPWhTIMtIICg1dYT0JxHA0xPVOIL6-2FatGunkes1VHfyRgkBTjXb0N8OIv5rbfThOrNJV8o4LJaaqlIOJB8KNeMcZLv1BO01a-2BZFPSvVNpAIaUaUnS-2BTtMnNrsqDBXNDQiQ2C60GIMOxXkEBDcUqmXWKAXHT2jyJKnE-2BTVX7Dn6v15EXXnFGV7DsBJuyOfxy4Jpp-2FDgxjoJYvwKKleeNMeZbnV7GSaFm53K3rrMP7FHypDrTj5gZolkQN74G665MiZOGOEsJpZBxGWUmRe5KD1lnqv9UsmS5oXGuT59ef-2B-2BOIJwozGuQ8LcLU9sq2bhaxr5QKojdGSLYHkQV48pY3diE-2FSKipsOxgeSp8hri35emljCrDJ8o2gvEcqTrgSbi5z9cBSKny1JK-2FAw-2B-2Bt5GdKd66pp3fqQXb-2FO03pmb7PSvgIGO-2BeUcgeDGkShCS6uwIbaWf92ZS-2BRnf-2BH4JXvcFqQFMHG6QluReLkOtpCzV5c3fz0XkA9GRQTJKj7LLrgRu3TEig-3D-3DGet hashmaliciousUnknownBrowse
                                    • 93.184.221.165
                                    Remittance_Details_#56712.htmlGet hashmaliciousHTMLPhisherBrowse
                                    • 152.199.21.175
                                    MICROSOFT-CORP-MSN-AS-BLOCKUSCorp.AcctPayable Payment Update.pdfGet hashmaliciousUnknownBrowse
                                    • 52.123.128.14
                                    http://fszatrack.xyzGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    FW_ SLS properties Credit application.msgGet hashmaliciousUnknownBrowse
                                    • 52.113.194.132
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 94.245.104.56
                                    700987654656676.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                    • 13.107.137.11
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    http://algestconsulting20-my.sharepoint.com/:f:/g/personal/jacques_cangah_algest-consulting_com/EkolIGllKGRKhe-gd4i73uMBzF46oqcv00d-WXGnz9D-FwGet hashmaliciousUnknownBrowse
                                    • 40.99.150.66
                                    https://bstouten.sazular.com/?preview=1&v=99098329Get hashmaliciousHTMLPhisherBrowse
                                    • 13.107.21.237
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 13.107.246.60
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    28a2c9bd18a11de089ef85a160da29e4http://premium.davidabostic.comGet hashmaliciousUnknownBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    http://ezp-prod1.hul.harvard.edu/login?qurl=https://nearbystorageunitss.com/image#YmhvZmZtYW5AaGlsY29ycC5jb20=Get hashmaliciousHTMLPhisherBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    Corp.AcctPayable Payment Update.pdfGet hashmaliciousUnknownBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    https://app.supercast.com/ahoy/messages/NuCwMXL7H9TYxRcbnPV2HNBC27R3XTJ7/click?signature=a81c8ff09c7aec0f320b61cbf7dd42e1a041100b&url=https://nursematte.com/asdbhewjcjfnjernfreddbecje/cloudflare-antibot#Kirsten.stevens+sueryder.orgGet hashmaliciousHTMLPhisherBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    http://lixowaste.comGet hashmaliciousUnknownBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    http://fszatrack.xyzGet hashmaliciousUnknownBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    https://gabrielamartinez.hosted.phplist.com/lists/lt.php?tid=ehpRUwdcC1FXB05UUgRXS1BQBQEVWwgBV0wGB1EFBFVTVwdRDg9EUVIABVRRVwRLVAJRVhUNXlkNTAYDDAIZUwJXU1cEXAELDQcGHgAAVAQCCQYCFVsBXQZMUAEEBxldUFdTT1UMWQMMBQYGUwxRUgGet hashmaliciousUnknownBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    https://gamma.app/docs/access-e8vjky3je6dx04nGet hashmaliciousUnknownBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    https://tinyurl.com/EDODHTQN#em=heidi.wiebold@trapezegroup.comGet hashmaliciousPhisherBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 184.28.90.27
                                    • 20.114.59.183
                                    fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousUnknownBrowse
                                    • 35.244.181.201
                                    • 34.149.100.209
                                    • 52.222.236.80
                                    • 34.120.208.123
                                    file.exeGet hashmaliciousUnknownBrowse
                                    • 35.244.181.201
                                    • 34.149.100.209
                                    • 52.222.236.80
                                    • 34.120.208.123
                                    random.exeGet hashmaliciousAmadey, StealcBrowse
                                    • 35.244.181.201
                                    • 34.149.100.209
                                    • 52.222.236.80
                                    • 34.120.208.123
                                    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | file.exe | Get hash | malicious | Unknown | Browse
                                    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Unknown | Browse
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):6439
                                                                            Entropy (8bit):5.140189809953516
                                                                            Encrypted:false
                                                                            SSDEEP:192:6KMX1P81Pe1PRcbhbVbTbfbRbObtbyEznpnSrDtTZdB:6PFPgPSPRcNhnzFSJ7nSrDhZdB
                                                                            MD5:54D5E4FE9B571EAC9B0C71CF2CF327E0
                                                                            SHA1:BDE6D0FE3B91133D55379C2B118CFB8ECBB35C0B
                                                                            SHA-256:961B9BFBF4C5A520EB2C76A780D78D70B7381C11D1B9E41A75BE36517126F114
                                                                            SHA-512:15B6056BF4E5FF18A3C3F9450AD5F4D44BF5CFC89A2B4D2B12CB646BA6934AC16BA3E847A220522136E7AAE9E83C0E9ACDB4BA65EDBA57F05DEC340D9CF80C29
                                                                            Malicious:false
                                                                            Preview:{"type":"uninstall","id":"db1c19c8-c1f5-4a29-84a2-8419dd8dac0b","creationDate":"2024-08-23T16:03:41.837Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:modified
                                                                            Size (bytes):44596
                                                                            Entropy (8bit):6.0967136335256855
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBRwuIhDO6vP6OXnrCDZX/F98cGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEL6Xrchu3VlXr4CRo1
                                                                            MD5:AFB4EFF7039D2B06FE50827E44F32C1B
                                                                            SHA1:D0FAED068F495E403F436793AD09637DD9348188
                                                                            SHA-256:66ECD448F4C76998AA1391270E43367FD02488049C6E4082C943DCB7C831EFB4
                                                                            SHA-512:3D3A077B7A99E5837E1118AC42D96F24F6950147266B82C3FF214E84A1FD9BDF85ACDF23C0301EDA51A6842ADD7BD2DE4C80A76772A19AA98D6858DD3520524E
                                                                            Malicious:false
                                                                             Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):45752
                                                                            Entropy (8bit):6.089188811167107
                                                                            Encrypted:false
                                                                            SSDEEP:768:2M7X2zt1jKYqHkZeh9K1D1hDO6vP6OXnr6iZWy3YHK/pIOyFsTJCAoNGoup1Xl3E:2MSzvKYqsa9K06XuWpIOyFstRoNhu3VU
                                                                            MD5:6A6A2C06B9C5F6B563C29B1468D4BDAD
                                                                            SHA1:E89F6CFD499AA60456FDDC2C7EBB0D11F1B71E8E
                                                                            SHA-256:6F1B84B119C37B76938CB5FA7165CA42007E6E4498EED2173919F26B1616A2E8
                                                                            SHA-512:3482274534F80885BAEDF10B8772BBB4BCA2E4C43B4AB574570577829B3B1E23EC82C94601E6B517FC75699A267522F53BBA00D0A3F33AACF1DE908E1A7C38B7
                                                                            Malicious:false
                                                                             Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):4194304
                                                                            Entropy (8bit):0.0
                                                                            Encrypted:false
                                                                            SSDEEP:3::
                                                                            MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                            SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                            SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                            SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                            Malicious:false
                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):4194304
                                                                            Entropy (8bit):0.48263221538004
                                                                            Encrypted:false
                                                                            SSDEEP:6144:jpYm76sf371OaH91GJwgLSqeWKkOaHw7vL:N71FuJw2F
                                                                            MD5:06E9B851087F531A8473E8CAB43C041D
                                                                            SHA1:1A5FD62B4D031671117E51C785413E310ED7C423
                                                                            SHA-256:6C11BC61BB4CD81E3F23BDFF35201454F9274A77AD69AC130D1390C3BB034979
                                                                            SHA-512:A685729F696493B5CDF1FE9B271ADC2216DF003CD0626E9D350A77FEBBCDC6C064BEA7843684775BCF7F4F185BF5851DF8C5B3AC2D6A7B6DF82E499770EAF6CE
                                                                            Malicious:false
                                                                            Preview:...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".blhhgs20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K..>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ .2........V.....
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):280
                                                                            Entropy (8bit):4.132041621771752
                                                                            Encrypted:false
                                                                            SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                            MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                            SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                            SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                            SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                            Malicious:false
                                                                            Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):30210
                                                                            Entropy (8bit):5.5655682322503495
                                                                            Encrypted:false
                                                                            SSDEEP:768:CBCOGD7pLGLvtIWPZVfDX8F1+UoAYDCx9Tuqh0VfUC9xbog/OV4A5L7G+rwjpQtU:CBCOG1cvtIWPZVfDXu1jaFA5/GbqtU
                                                                            MD5:9CF8FBBE64765B1D2021FB5D4FF8B917
                                                                            SHA1:2F7B8C15AB8A6FAABE7F9F6A3BB3D4D5843DBE15
                                                                            SHA-256:0639C9545194318918123F414684D04707FDC0973E7D15C164E70D9CCC692B98
                                                                            SHA-512:7E574E4E6933ECC2B51DF5CCBB7025AF691289EEF8FEB03205190B1E33A299640E5E02CDD4B737C3EE40AA2DC26ABCDE464912627B27D6FF2094C9E705281071
                                                                            Malicious:false
                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368898315169275","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368898315169275","location":5,"ma
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:very short file (no magic)
                                                                            Category:dropped
                                                                            Size (bytes):1
                                                                            Entropy (8bit):0.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:L:L
                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                            Malicious:false
                                                                            Preview:.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):16
                                                                            Entropy (8bit):3.2743974703476995
                                                                            Encrypted:false
                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                            Malicious:false
                                                                            Preview:MANIFEST-000001.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):33
                                                                            Entropy (8bit):3.5394429593752084
                                                                            Encrypted:false
                                                                            SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                            MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                            SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                            SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                            SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                            Malicious:false
                                                                            Preview:...m.................DB_VERSION.1
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):309
                                                                            Entropy (8bit):5.2212300776275296
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeM2M1923oH+Tcwtp3hBtB2KLlLPeaSZVq2P923oH+Tcwtp3hBWsIFUv:NPMhYebp3dFL1P4v4Yebp3eFUv
                                                                            MD5:D2A1A59D29179FDB0B4A2CD0E62712F6
                                                                            SHA1:79DBE220D8F24A36B209FEB26F542AA6A73B6E32
                                                                            SHA-256:6354587F3E896880B62F10F60221A35AA57E0835277CBBD5757C17A00D3D2E2B
                                                                            SHA-512:3895CA2D472AAA9F17390985927D7FB30850B33CC867D22E6931E133ACF0F6628528A9CBAD6C8055ECEFC20A323005C27960D9AADB832C7BD7807BBAFDAFEE56
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:52:01.014 1dc4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/08/23-10:52:01.175 1dc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:OpenPGP Secret Key
                                                                            Category:dropped
                                                                            Size (bytes):41
                                                                            Entropy (8bit):4.704993772857998
                                                                            Encrypted:false
                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                            Malicious:false
                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):480979
                                                                            Entropy (8bit):5.394837196404918
                                                                            Encrypted:false
                                                                            SSDEEP:3072:v+477TZyhJOGiMlbOFbXG/KFd2X13p8S15tndAYDI11csx2:v+4zZoOG1eLG/KKp8cdAYDI11csA
                                                                            MD5:CA2FF51BE9D2508A2F973BF619F178F7
                                                                            SHA1:6ED8CB8269866B3223E7842A44BF48E370204700
                                                                            SHA-256:2F1B2B3CC8CA774EAFD3D03E9C0F7D0E6964E7173A95A060C953FDB9BA410BC7
                                                                            SHA-512:9A207B10E5DF65FFC4E8200C42042AB49B6AAF2B9DE979E114FDBDD82E385A817476F0C1BAAA6EDD417F54F4FB61588A297B839C88020CECB7C9BA474C97E491
                                                                            Malicious:false
                                                                            Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):336
                                                                            Entropy (8bit):5.099324690312264
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeNVjOq2P923oH+Tcwt9Eh1tIFUt88PeNHZmw+8PebvzkwO923oH+Tcwt9Eh15d:NPyjOv4Yeb9Eh16FUt88PQ/+8PAz5LYf
                                                                            MD5:AEC76F2D403E7E570A3208AD6D30CB9D
                                                                            SHA1:2605183A9D62BF98F32F57B64CC96F44D25258CF
                                                                            SHA-256:EBA659BC77EED5575F97816748F75285EA53B624BE2C7A6AF8208408AFF78196
                                                                            SHA-512:816AE9D7FC3C0F7C3DB990F0FD439C753CC30364F312352581F1D56EECC3AF70D093DD760B9396A2E66903D13A1EDF86E600B77FE4B3AC869D214FC4C245956E
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:52:00.765 23d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/23-10:52:00.767 23d0 Recovering log #3.2024/08/23-10:52:00.806 23d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):336
                                                                            Entropy (8bit):5.099324690312264
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeNVjOq2P923oH+Tcwt9Eh1tIFUt88PeNHZmw+8PebvzkwO923oH+Tcwt9Eh15d:NPyjOv4Yeb9Eh16FUt88PQ/+8PAz5LYf
                                                                            MD5:AEC76F2D403E7E570A3208AD6D30CB9D
                                                                            SHA1:2605183A9D62BF98F32F57B64CC96F44D25258CF
                                                                            SHA-256:EBA659BC77EED5575F97816748F75285EA53B624BE2C7A6AF8208408AFF78196
                                                                            SHA-512:816AE9D7FC3C0F7C3DB990F0FD439C753CC30364F312352581F1D56EECC3AF70D093DD760B9396A2E66903D13A1EDF86E600B77FE4B3AC869D214FC4C245956E
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:52:00.765 23d0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/23-10:52:00.767 23d0 Recovering log #3.2024/08/23-10:52:00.806 23d0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                            Category:dropped
                                                                            Size (bytes):28672
                                                                            Entropy (8bit):0.46491536541251155
                                                                            Encrypted:false
                                                                            SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjp03/:TouQq3qh7z3bY2LNW9WMcUvBM/
                                                                            MD5:DA7E00ABD8B158925DC0C8438DF15105
                                                                            SHA1:27A1C47DD1285029A31E2DD464433692EF41E29E
                                                                            SHA-256:92F470D30C78E8E1EA0C49D2B6F258FAF4451C6F83D2FAB938E129B63E5EB9B9
                                                                            SHA-512:B76B0473300958C7487F45CFD74E690B22103F8D7A0BC38B26E76FF298ED0448EEF1311FFF089696E8DAEE06BE4095C140E716BC4F31AC583003E0C0C5C8B663
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                            Category:dropped
                                                                            Size (bytes):10240
                                                                            Entropy (8bit):0.8708334089814068
                                                                            Encrypted:false
                                                                            SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                            MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                            SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                            SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                            SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):635774
                                                                            Entropy (8bit):6.012183659776851
                                                                            Encrypted:false
                                                                            SSDEEP:12288:eKY6rpp/82GXDV9cna1/eIek1MTfLninC2cctsJlGX9URyNPpa:PXG9XKS/e4xngoI8X9U9
                                                                            MD5:77B3B72C15C17A12B168C2C1F760BA67
                                                                            SHA1:2B9AE8FFA0485CEB9A8566E1F4BE0BB4142525D0
                                                                            SHA-256:9CF553A7ADE051A9F5F4323CE3AD213147E60FEDF5E6D1771340DB36A723C470
                                                                            SHA-512:318D98C731E9D06CAAB89A808B1291A65ABAED32CF4084B635E180CA876E56B7BF116CA7440CDC6352B1EA18C5A3BD975CE66FFF822DAB1F2CED2C41F25CD721
                                                                            Malicious:false
                                                                            Preview:...m.................DB_VERSION.1...W.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3763266,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):142
                                                                            Entropy (8bit):4.985744429861633
                                                                            Encrypted:false
                                                                            SSDEEP:3:pv//38E28xp4m3rscUSXR3XSwitVtlf+nETPxpK2x7LuX4X969XIs:9X38D8xSEsIXR3iwitt+n0PxEWA4X96l
                                                                            MD5:35A7C8A029ECC2CC3D995B817A62984D
                                                                            SHA1:275A00F9ACB4F22677D9B133E8332E1F26F2EBE2
                                                                            SHA-256:3AA7A4A9E0306C6C85EF7E2558A2886BF0B2A461E8E021F3A851BD7B9E84BD24
                                                                            SHA-512:AFE3D9409B90BAB9492A0AD2654AE5F8A7891401FAD50AE8AD038E55C09079F9F90A1DC01E784BD924C0BCAACDF1057380600FEB4093456165D202C24EDDA5BA
                                                                            Malicious:false
                                                                            Preview:.Z..9................BLOOM_FILTER_EXPIRY_TIME:.1724511121.225740..d.G................BLOOM_FILTER_LAST_MODIFIED:.Fri, 23 Aug 2024 13:23:22 GMT
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):635749
                                                                            Entropy (8bit):6.0117261268484015
                                                                            Encrypted:false
                                                                            SSDEEP:12288:xKO6rcp/75GjDVBc4a1JpIek1bBfmnoC2cctsJlG09bRykPje:8UV0jzSJp4dgoa809bu
                                                                            MD5:CBB0FF72213C7EBD1CF626DE40A0724E
                                                                            SHA1:CC798EF05D1FB411AF67797BD876B78FAC907C21
                                                                            SHA-256:6E6192FDA4EBBE0C0BF83C0AB0A70920EB8CC45A9C4C21191B2DCC27B72D7404
                                                                            SHA-512:755D68BAFB4A45BB90E98F46BD2088B97D1E8DA6D2C7970FF2FAC6DE7000D599AE85692CEAA5EC0F4291C1DC581053487F2FC0BD1A12527C32FCF9CDFF2D1B0A
                                                                            Malicious:false
                                                                            Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3763266,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):512
                                                                            Entropy (8bit):5.218171078232623
                                                                            Encrypted:false
                                                                            SSDEEP:12:NPxxv4Yebn9GFUt88PQVX/+8PQVF5LYebn95Z9LPPpMWf01PSgMWfd21K8PPSh:NPx94Yeb9ig88PQ3PQtLYeb9zdPKX1P/
                                                                            MD5:AA3EAA18A455C2CAA726F0F15C96BFEE
                                                                            SHA1:22002830AF6121A21A3874F657FF0DEBCB85F6A1
                                                                            SHA-256:20B2BFE30D9B653085E6117A926A03CD9D9FF6550905CE0D28074930E3914927
                                                                            SHA-512:8FCCA3DCD11BEBEC54F152BD11B551463E4DF304AF0C84E6AD996A3CF5A41C7490A7B244B6E50EC46AC64460C03F3B1B53CBC31452ABE745B44F99CD930C33E1
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.262 1e00 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/23-10:51:55.264 1e00 Recovering log #3.2024/08/23-10:51:55.264 1e00 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/08/23-10:52:01.356 1dc8 Level-0 table #5: started.2024/08/23-10:52:01.565 1dc8 Level-0 table #5: 635749 bytes OK.2024/08/23-10:52:01.567 1dc8 Delete type=0 #3.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):512
                                                                            Entropy (8bit):5.218171078232623
                                                                            Encrypted:false
                                                                            SSDEEP:12:NPxxv4Yebn9GFUt88PQVX/+8PQVF5LYebn95Z9LPPpMWf01PSgMWfd21K8PPSh:NPx94Yeb9ig88PQ3PQtLYeb9zdPKX1P/
                                                                            MD5:AA3EAA18A455C2CAA726F0F15C96BFEE
                                                                            SHA1:22002830AF6121A21A3874F657FF0DEBCB85F6A1
                                                                            SHA-256:20B2BFE30D9B653085E6117A926A03CD9D9FF6550905CE0D28074930E3914927
                                                                            SHA-512:8FCCA3DCD11BEBEC54F152BD11B551463E4DF304AF0C84E6AD996A3CF5A41C7490A7B244B6E50EC46AC64460C03F3B1B53CBC31452ABE745B44F99CD930C33E1
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.262 1e00 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/23-10:51:55.264 1e00 Recovering log #3.2024/08/23-10:51:55.264 1e00 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/08/23-10:52:01.356 1dc8 Level-0 table #5: started.2024/08/23-10:52:01.565 1dc8 Level-0 table #5: 635749 bytes OK.2024/08/23-10:52:01.567 1dc8 Delete type=0 #3.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:OpenPGP Secret Key
                                                                            Category:dropped
                                                                            Size (bytes):103
                                                                            Entropy (8bit):5.287315490441997
                                                                            Encrypted:false
                                                                            SSDEEP:3:scoBAIxQRDKIVjFknThind5xFxN3erkEtl:scoBY7jFNbxFDkHl
                                                                            MD5:50F2E2220E861B065523A7BF869F083F
                                                                            SHA1:D2DEE8DCE8A80B9D2A92A7EEEB816236E41F66CF
                                                                            SHA-256:86624A8B251E70CB9FAE87CBF77A7DFE3814FA6D019E8CC33EEEC82FB66380C0
                                                                            SHA-512:E96674D4F0AD9C6CC701AE22D7CE2EB57B03001351D165FC4DBA0A5642B1851BA4F735457DF00681E0F07843F87A61259727FD900B4678009E3493200E424250
                                                                            Malicious:false
                                                                            Preview:.|.."....leveldb.BytewiseComparator.......GP.7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):16
                                                                            Entropy (8bit):3.2743974703476995
                                                                            Encrypted:false
                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                            Malicious:false
                                                                            Preview:MANIFEST-000001.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):375520
                                                                            Entropy (8bit):5.3541444317720535
                                                                            Encrypted:false
                                                                            SSDEEP:6144:yA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:yFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                            MD5:D643773B1C16D42F915DAB37362DF95C
                                                                            SHA1:CE4110D7D2FEAB958F518937772B272612A92ADA
                                                                            SHA-256:60F3EE15164B4C12ABD332AA8214F266F32A91E06FE28ACDB8025003A4C5D2DE
                                                                            SHA-512:D591D94259840CB734B80614A6B051805D71EE9740E3D3FA14E15B9BB5A0F102383198CECFC5AA96ED7D20C06E0C720729C226D78FB846FFD71DCEFA00C831AE
                                                                            Malicious:false
                                                                            Preview:...m.................DB_VERSION.1!...q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13368898324021495..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):16
                                                                            Entropy (8bit):3.2743974703476995
                                                                            Encrypted:false
                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                            Malicious:false
                                                                            Preview:MANIFEST-000001.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):311
                                                                            Entropy (8bit):5.127998959067825
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPe91923oH+Tcwtk2WwnvB2KLlLPeb1yq2P923oH+Tcwtk2WwnvIFUv:NPXYebkxwnvFL1Ppv4YebkxwnQFUv
                                                                            MD5:9477ECCF691250F888AC9250CA2A1772
                                                                            SHA1:2D20DCDD4864211CFF7471527222980018DCA4FC
                                                                            SHA-256:C107BE2AF191DEB24BF2CCD08DB1AA0CCB31BBC99E912012B0E66B09475AF088
                                                                            SHA-512:284220C1BC6E0A1CD3917A31EDDC66B19A04D7A5F34E2DFDF882DE4B7ABFA41417F44A744F1CF72DF595C7EAD735E4E9BF170C2B81D5D96D64D2E9B49B6AC81E
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:52:00.805 23a0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/08/23-10:52:00.847 23a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:OpenPGP Secret Key
                                                                            Category:dropped
                                                                            Size (bytes):41
                                                                            Entropy (8bit):4.704993772857998
                                                                            Encrypted:false
                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                            Malicious:false
                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:modified
                                                                            Size (bytes):358860
                                                                            Entropy (8bit):5.324615796265039
                                                                            Encrypted:false
                                                                            SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rt:C1gAg1zfvF
                                                                            MD5:E919B6BC7897F602BFD923FA739F9C1B
                                                                            SHA1:E124EE0E3DCAFDD0D3E214EC4C66D2E418899A7E
                                                                            SHA-256:58C50064428B27043FE30AFD68C811A9032DD805070310052C9E74D4BF758650
                                                                            SHA-512:E7230BC7A1AADDCA587CB0360BCAAA83B9D065FC789ADDBE138509072F8FF8B0A770EFCD0C252A7C808F3509BA5A1B45D49D52B3CA98503D6FF540CB309E022D
                                                                            Malicious:false
                                                                            Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):418
                                                                            Entropy (8bit):1.8784775129881184
                                                                            Encrypted:false
                                                                            SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                            MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                            SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                            SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                            SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                            Malicious:false
                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):324
                                                                            Entropy (8bit):5.175590487409917
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPejYN+q2P923oH+Tcwt8aPrqIFUt88PekEZmw+8PeCnVkwO923oH+Tcwt8amLJ:NPDIv4YebL3FUt88PrE/+8PTV5LYebQJ
                                                                            MD5:8DF3F7623A9A69C46E33098404E9EA2E
                                                                            SHA1:8A3D2549843D56BAE64AEB0798BCC7E85EBD2F06
                                                                            SHA-256:35AC4809110F3EC606E88654810891FEC1525B2FAA6A3F5E9E1F24238A4DD838
                                                                            SHA-512:D506426364D01B783EDB6B290760617B14B978AF962B89476D18DBD7A92C5FC73BAC1234F29B2A9F0DCA47E36CC304B847D00AD1F182ED1B2B8D8558BF8B1C19
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.267 1e08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/23-10:51:55.268 1e08 Recovering log #3.2024/08/23-10:51:55.269 1e08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):328
                                                                            Entropy (8bit):5.167103351852216
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPes3+q2P923oH+Tcwt865IFUt88Pe7PHZmw+8PeSoFNVkwO923oH+Tcwt86+ULJ:NPEv4Yeb/WFUt88PcPH/+8PmF5LYeb/L
                                                                            MD5:5582ACEE45B6C64020BF1202537DD6EA
                                                                            SHA1:5C3E445CBE1AE7B3C478FCB686BACDDC76D59945
                                                                            SHA-256:F9CBA22CFE8C14704DF24F28790AC64FDB4C2AA933393FF8B2BCAC4A302E0AC0
                                                                            SHA-512:3E7B9A768D677D09E828376E21EDBB776E0DF6AA11B66877744EB9D90DB5254E04E72ADC83D997A7C9CB36EF64810A6F79293094118F585AAA3815A435E72122
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.278 1e08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/23-10:51:55.279 1e08 Recovering log #3.2024/08/23-10:51:55.280 1e08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):1254
                                                                            Entropy (8bit):1.8784775129881184
                                                                            Encrypted:false
                                                                            SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                            MD5:826B4C0003ABB7604485322423C5212A
                                                                            SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                            SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                            SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                            Malicious:false
                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):324
                                                                            Entropy (8bit):5.199216393123079
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeqD+q2P923oH+Tcwt8NIFUt88Peq6mWZmw+8Peq6NVkwO923oH+Tcwt8+eLJ:NP/D+v4YebpFUt88P/6mW/+8P/6NV5LO
                                                                            MD5:9AA78D57A8B792BB9E260899A2910145
                                                                            SHA1:DE20DEA9220DDA71DBDEB3035ECE517B26D5265C
                                                                            SHA-256:131DEB3634D10A9C7C92F0C7B4B7888A3881FB09F5797BDBAAC6D32D0F8D0B40
                                                                            SHA-512:D1EC3AC550D7D007CAE07F3DA422AA7BA12CEF13788E5A096E2916C6E3044E7A79B067D728D1F43BFC66A6AD68D3C3BD44B6D3E8FA3E028AA56226CD72A94E09
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:56.177 1dcc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/23-10:51:56.178 1dcc Recovering log #3.2024/08/23-10:51:56.178 1dcc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):429
                                                                            Entropy (8bit):5.809210454117189
                                                                            Encrypted:false
                                                                            SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                            MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                            SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                            SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                            SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                            Malicious:false
                                                                            Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                            Category:dropped
                                                                            Size (bytes):20480
                                                                            Entropy (8bit):2.4461394910477714
                                                                            Encrypted:false
                                                                            SSDEEP:96:0BCyGNWBkelS9nsH4/AztckuuoKwnXNW7:mNGEBssHXzCkPo1nXE7
                                                                            MD5:1AAAA759E92C1DE891F2DFAAA845E85A
                                                                            SHA1:6537ADAC9A427D368CDB50077215AD4D5B7B82F5
                                                                            SHA-256:72322C6D1E501D35BA3D0E200E6663320EA3B8DD534EEBFADDE54FAED1679789
                                                                            SHA-512:11F0A3DE27AFF0420E08443F6D8924DF00FC3190288DBDF6C424BE14E4B422ACF8B44EC34AB7F0EF6E3AFE611426F0973A9D7FD5A1F3BFDA3235D9B17E343534
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                            Category:dropped
                                                                            Size (bytes):155648
                                                                            Entropy (8bit):0.6769296133158311
                                                                            Encrypted:false
                                                                            SSDEEP:96:nNWXwYxWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEpEDXNWv:nEXdQhH+bDo3iN0Z2TVJkXBBE3ybNXEv
                                                                            MD5:2E57F0806F33FD7D646BCB1A320792B0
                                                                            SHA1:4D19AA8528DA0AC1D4092F5B07AC70FA41D91B58
                                                                            SHA-256:C9D9610F13BB0A94D97052B93497242865AFE2B1BB9481D34C8BE4DF4ADE2928
                                                                            SHA-512:0EF9A1417F5F00C32C98E0889C0DE9C0CE4F47E4839FD0A55107BD5135E507549C3CE11644A935093F9AC594C6889EFE445631C4D6C8376D01B4A1F76C5B820F
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):8720
                                                                            Entropy (8bit):0.2191763562065486
                                                                            Encrypted:false
                                                                            SSDEEP:3:B+tD/ntFlljq7A/mhWJFuQ3yy7IOWUJGtn4/dweytllrE9SFcTp4AGbNCV9RUIv:YtI75fOjC4/d0Xi99pEYt
                                                                            MD5:F7AD9EFDCD2024CDF5F8F70A91034648
                                                                            SHA1:3579B991DCF8CBA55BB96F2E032666F69E7AC6C8
                                                                            SHA-256:573987391CF64519C75FCE71AF30A53BE1D70D3A8404B76F3DD759BEB5B4AA4A
                                                                            SHA-512:362A39ECDF7C3E774BF259CFB2DC9F935C894692F5E324416A298B163A25386CD00E9EE22841DE88344C43706B0DF61BD9024DBD3A2115CD27AC788FD3983F23
                                                                            Malicious:false
                                                                            Preview:............,..{...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):408
                                                                            Entropy (8bit):5.290786824672499
                                                                            Encrypted:false
                                                                            SSDEEP:12:NPzPv4Yeb8rcHEZrELFUt88Pzhh1/+8Pzhh5LYeb8rcHEZrEZSJ:NPr4Yeb8nZrExg88PjPBLYeb8nZrEZe
                                                                            MD5:76798B421FADABF1E621D29FF3F47650
                                                                            SHA1:13E6E42740AEA68A35E9ECBCC2926F3086726136
                                                                            SHA-256:56C171BABA6918A8DFCAA92198EB72673896167ED7AEB1FA7FF48FECC43CD15B
                                                                            SHA-512:2692AD03E91856F21833C571531CD560D13866F7180ADE48B6FCB777FE89B42881EF6072FFAB4812FD70F5B63519E3A5ACFCBBD92319BB2F42107B99D2404A2A
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:59.576 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/23-10:51:59.577 1dc0 Recovering log #3.2024/08/23-10:51:59.577 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):408
                                                                            Entropy (8bit):5.290786824672499
                                                                            Encrypted:false
                                                                            SSDEEP:12:NPzPv4Yeb8rcHEZrELFUt88Pzhh1/+8Pzhh5LYeb8rcHEZrEZSJ:NPr4Yeb8nZrExg88PjPBLYeb8nZrEZe
                                                                            MD5:76798B421FADABF1E621D29FF3F47650
                                                                            SHA1:13E6E42740AEA68A35E9ECBCC2926F3086726136
                                                                            SHA-256:56C171BABA6918A8DFCAA92198EB72673896167ED7AEB1FA7FF48FECC43CD15B
                                                                            SHA-512:2692AD03E91856F21833C571531CD560D13866F7180ADE48B6FCB777FE89B42881EF6072FFAB4812FD70F5B63519E3A5ACFCBBD92319BB2F42107B99D2404A2A
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:59.576 1dc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/23-10:51:59.577 1dc0 Recovering log #3.2024/08/23-10:51:59.577 1dc0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):336
                                                                            Entropy (8bit):5.167801585378431
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPelcSQL+q2P923oH+Tcwt8a2jMGIFUt88PeovGKWZmw+8PesQLVkwO923oH+TcL:NPyvQ+v4Yeb8EFUt88PXGKW/+8PzQV5U
                                                                            MD5:FAAAC6C7BE17938AB62434A542E6376B
                                                                            SHA1:327C7290FB12CA52D30639FB2A52B43940DCCF4A
                                                                            SHA-256:8A4EBBCA0D5DE5CC73B8E6DE44000425EA6F51ED506E3183A8AC587E29FFCC10
                                                                            SHA-512:DB1B04897889190CCFFD6CEC594B617A73E382F695576E87E7240DFC65F0EADAA85ED0BFC5B6655C645D2C7836439579D9B09ADF647B0A7F115719C37603D465
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.760 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/23-10:51:55.765 1eec Recovering log #3.2024/08/23-10:51:55.769 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):336
                                                                            Entropy (8bit):5.167801585378431
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPelcSQL+q2P923oH+Tcwt8a2jMGIFUt88PeovGKWZmw+8PesQLVkwO923oH+TcL:NPyvQ+v4Yeb8EFUt88PXGKW/+8PzQV5U
                                                                            MD5:FAAAC6C7BE17938AB62434A542E6376B
                                                                            SHA1:327C7290FB12CA52D30639FB2A52B43940DCCF4A
                                                                            SHA-256:8A4EBBCA0D5DE5CC73B8E6DE44000425EA6F51ED506E3183A8AC587E29FFCC10
                                                                            SHA-512:DB1B04897889190CCFFD6CEC594B617A73E382F695576E87E7240DFC65F0EADAA85ED0BFC5B6655C645D2C7836439579D9B09ADF647B0A7F115719C37603D465
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.760 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/23-10:51:55.765 1eec Recovering log #3.2024/08/23-10:51:55.769 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                            Category:dropped
                                                                            Size (bytes):24576
                                                                            Entropy (8bit):0.40413730086653066
                                                                            Encrypted:false
                                                                            SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IO0ed+:TxKX0wxORAmA/U1cEB5Iad+
                                                                            MD5:ED5F8397EC1A0110AA55F5AEDB4EEE36
                                                                            SHA1:D93BFCA28260989B01EED8367029655ED54628F9
                                                                            SHA-256:14066876E7054EBCBEAA735CEDCEA3C7A28C76938248297945B926C8E2828891
                                                                            SHA-512:6E19A9786D9C6F94BA3BB673100003D6F41DCCA04389A49F10F39C6BCF97067072ADC912C2377C801DE1CFDAE2D618A187171D92DBBFD3AF3701367FF333A38E
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...p."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):188
                                                                            Entropy (8bit):5.2829982918088
                                                                            Encrypted:false
                                                                            SSDEEP:3:YWRAWNj6TNRTPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYRXRaJzu:YWyWNOTTTBv31dB8wXwlmUUAnIMp5YRn
                                                                            MD5:4DC7DFECD2CC222D255AEF7DD123572A
                                                                            SHA1:D3DF8DFBB51713925EBC9B1BBBB9BD89B8D8D3C7
                                                                            SHA-256:EA22CEBB2CCEF71589B5C9E3138EDE81BE07DB294BF7BC0244D2905D6C69F3EE
                                                                            SHA-512:5230D7D75F603471FE47CDD473013F89F4A2A1F0DBDCB981078330672DAE9E5459CBEE308BA4F8D56007242A119FA27205418E9267E326DB352CCA813498607B
                                                                            Malicious:false
                                                                            Preview:{"sts":[{"expiry":1755960726.724097,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724424726.724104}],"version":2}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:modified
                                                                            Size (bytes):2917
                                                                            Entropy (8bit):5.314257346251237
                                                                            Encrypted:false
                                                                            SSDEEP:48:YcgCzsPtsigs+7C5soJfcKs+acsBJ4aleeBkEsaL+Hp3sYW+HXes84bx9+:FQB0AJpaFJ4akeBkeL4o4+4V9+
                                                                            MD5:99BC64896BDCA6E7F3C0A6D51CA9E952
                                                                            SHA1:97AD78BF38AE81856D7C55606CE6F12F1DE84C3F
                                                                            SHA-256:2F47A9F4A51CB81F32E80C0B1F8019EFF9DF438060C7BAA0A454BA59107BAEDF
                                                                            SHA-512:9D6A015077EE53DEA0D447A2DF6C935A9568493BB259C5078E469BB7F2E6675D7C22FCB7781D559A164C299D334914DE5E934FD424DEBEB94040B0A40C564ED4
                                                                            Malicious:false
                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490317176662","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320461257","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368991920536407","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320729216","port":443,"protocol_str":"quic"}],"anonymization":["
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):40
                                                                            Entropy (8bit):4.1275671571169275
                                                                            Encrypted:false
                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                            Malicious:false
                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:H:H
                                                                            MD5:D751713988987E9331980363E24189CE
                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                            Malicious:false
                                                                            Preview:[]
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:H:H
                                                                            MD5:D751713988987E9331980363E24189CE
                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                            Malicious:false
                                                                            Preview:[]
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                            Category:dropped
                                                                            Size (bytes):20480
                                                                            Entropy (8bit):1.0818549079963338
                                                                            Encrypted:false
                                                                            SSDEEP:48:T2dKLopF+SawLUO1Xj8Bm9clKZR6BiojCJTy9OFyPr:ige+AumCljCJTqr
                                                                            MD5:C04EB260E3471A50A249293D3365FDE1
                                                                            SHA1:354B548C2CFBD8BEE20B5B0C83E7E792457B6E36
                                                                            SHA-256:1E5B87D5452DCE09457613100824285FB80D722D67CD5439B20869D12945DED7
                                                                            SHA-512:903EA9D347A14101DA14377B48876E54D0CAA1A1E350271ABF8596DEDFB98AD10BFC440261C7EF43B2046E1B66C172318FFD38CAB5F54AD5104CFC4099EE2015
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2917
                                                                            Entropy (8bit):5.3145352938930746
                                                                            Encrypted:false
                                                                            SSDEEP:48:YcgCzsPtsigs+7C5soJfcKs+acsBJ4aleeBkEsaL+Hp3sYW+HXes84bxo+:FQB0AJpaFJ4akeBkeL4o4+4Vo+
                                                                            MD5:6A5CDF0603612389420D38AB01BBC05E
                                                                            SHA1:46CD47B23B65B0A44DEF4EAE03B1D76F79C962E9
                                                                            SHA-256:1411A4039841EB7B11176088098CF61EE536B3BD980A9C65F906637EA0129E00
                                                                            SHA-512:6F682CD1960A522F7B7A34AE3D18B82419F4B077A2D526009E9115AA7DF8FF8FBDBFDB2DD9EAC3C8576AB1D8C0BEF339363891061D7E8F29F4D9412FC09E200A
                                                                            Malicious:false
                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490317176662","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320461257","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368991920536407","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320729216","port":443,"protocol_str":"quic"}],"anonymization":["
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2917
                                                                            Entropy (8bit):5.3145352938930746
                                                                            Encrypted:false
                                                                            SSDEEP:48:YcgCzsPtsigs+7C5soJfcKs+acsBJ4aleeBkEsaL+Hp3sYW+HXes84bxo+:FQB0AJpaFJ4akeBkeL4o4+4Vo+
                                                                            MD5:6A5CDF0603612389420D38AB01BBC05E
                                                                            SHA1:46CD47B23B65B0A44DEF4EAE03B1D76F79C962E9
                                                                            SHA-256:1411A4039841EB7B11176088098CF61EE536B3BD980A9C65F906637EA0129E00
                                                                            SHA-512:6F682CD1960A522F7B7A34AE3D18B82419F4B077A2D526009E9115AA7DF8FF8FBDBFDB2DD9EAC3C8576AB1D8C0BEF339363891061D7E8F29F4D9412FC09E200A
                                                                            Malicious:false
                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490317176662","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320461257","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368991920536407","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320729216","port":443,"protocol_str":"quic"}],"anonymization":["
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                            Category:dropped
                                                                            Size (bytes):36864
                                                                            Entropy (8bit):1.3309153616984977
                                                                            Encrypted:false
                                                                            SSDEEP:96:uIEumQv8m1ccnvS6qDo2dQF2YQ9UZOm1rRVkI:uIEumQv8m1ccnvS6D282rUZOmNd
                                                                            MD5:796B5131D73847E6E023E35EF96E06FD
                                                                            SHA1:A80AC9D5AFC53AE2119459B59BA94DE94EBFDE01
                                                                            SHA-256:41481D98E037A21EA6F722B884045850D217FDCFD7B5C25DCC02DB04D975BBA7
                                                                            SHA-512:329E1341EBF84D7BA8FD4903EB384CA8A10FC7D44A3588ADE141343F0DF7D167AE7AC012B8B5A72392B147129F2E27389AF7911BF435661C483B8D19001E3A08
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:H:H
                                                                            MD5:D751713988987E9331980363E24189CE
                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                            Malicious:false
                                                                            Preview:[]
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):40
                                                                            Entropy (8bit):4.1275671571169275
                                                                            Encrypted:false
                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                            Malicious:false
                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):188
                                                                            Entropy (8bit):5.2829982918088
                                                                            Encrypted:false
                                                                            SSDEEP:3:YWRAWNj6TNRTPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYRXRaJzu:YWyWNOTTTBv31dB8wXwlmUUAnIMp5YRn
                                                                            MD5:4DC7DFECD2CC222D255AEF7DD123572A
                                                                            SHA1:D3DF8DFBB51713925EBC9B1BBBB9BD89B8D8D3C7
                                                                            SHA-256:EA22CEBB2CCEF71589B5C9E3138EDE81BE07DB294BF7BC0244D2905D6C69F3EE
                                                                            SHA-512:5230D7D75F603471FE47CDD473013F89F4A2A1F0DBDCB981078330672DAE9E5459CBEE308BA4F8D56007242A119FA27205418E9267E326DB352CCA813498607B
                                                                            Malicious:false
                                                                            Preview:{"sts":[{"expiry":1755960726.724097,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724424726.724104}],"version":2}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):188
                                                                            Entropy (8bit):5.298873909387602
                                                                            Encrypted:false
                                                                            SSDEEP:3:YWRAWNj6TE5dJNKWlPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqYRE:YWyWNOTE5zNDlBv31dB8wXwlmUUAnIM5
                                                                            MD5:E6F9461AF26D0E4E31D24971344E7B60
                                                                            SHA1:2B112BC2E73D862E7C067BD424CFE8CFC553D83C
                                                                            SHA-256:121C07E2C375F1C5DB763867D0E287939A97BF624542C0B45B1A13F97BE1E3CB
                                                                            SHA-512:D90426F2CF8D1511397907ACAD1D8E6A747DED3719955061F5AF680C9B93CBFAC4078EE638D615B5E256D44B40B3D47C2EE6B4467322951C5EA3B19760A41DB5
                                                                            Malicious:false
                                                                            Preview:{"sts":[{"expiry":1755960786.576118,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724424786.576124}],"version":2}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2917
                                                                            Entropy (8bit):5.3145352938930746
                                                                            Encrypted:false
                                                                            SSDEEP:48:YcgCzsPtsigs+7C5soJfcKs+acsBJ4aleeBkEsaL+Hp3sYW+HXes84bxo+:FQB0AJpaFJ4akeBkeL4o4+4Vo+
                                                                            MD5:6A5CDF0603612389420D38AB01BBC05E
                                                                            SHA1:46CD47B23B65B0A44DEF4EAE03B1D76F79C962E9
                                                                            SHA-256:1411A4039841EB7B11176088098CF61EE536B3BD980A9C65F906637EA0129E00
                                                                            SHA-512:6F682CD1960A522F7B7A34AE3D18B82419F4B077A2D526009E9115AA7DF8FF8FBDBFDB2DD9EAC3C8576AB1D8C0BEF339363891061D7E8F29F4D9412FC09E200A
                                                                            Malicious:false
                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490317176662","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320461257","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13368991920536407","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371490320729216","port":443,"protocol_str":"quic"}],"anonymization":["
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                            Category:dropped
                                                                            Size (bytes):20480
                                                                            Entropy (8bit):0.8307038620100359
                                                                            Encrypted:false
                                                                            SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                                                                            MD5:B18967139991D9CA13DF7E493540A358
                                                                            SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                                                                            SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                                                                            SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):9749
                                                                            Entropy (8bit):5.117271166490843
                                                                            Encrypted:false
                                                                            SSDEEP:192:stYkdLsOTgsZihUkH83v8ibV+FmmQA66WhRaFIMYS+P+YJ:stYYsOTgfhPGbGHQx6WhRaTYSA
                                                                            MD5:B3C9B2174DD795F24ED8AA9F2F5C3F4B
                                                                            SHA1:C3E5F62EE436778E48D671430F5F3CE22D284E4A
                                                                            SHA-256:E96F5EA7AA7C4C7849EDD37694FB6F7FC0BDDEED54367B9A07F033A4CBB38B79
                                                                            SHA-512:DDA2832E6FA9C9DBB057A9EC446DE8584623E9E6C2FE699BE734D40CC83F6F6C2E31A319B62348248B309B6017E882445F5B9CA1FAC7A01350C249D9332C212C
                                                                            Malicious:false
                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368898315804871","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):16
                                                                            Entropy (8bit):3.2743974703476995
                                                                            Encrypted:false
                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                            Malicious:false
                                                                            Preview:MANIFEST-000001.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):83572
                                                                            Entropy (8bit):5.664203855937177
                                                                            Encrypted:false
                                                                            SSDEEP:1536:cL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:cL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                                            MD5:9F1B560C654F38E64F134E83BD4E794E
                                                                            SHA1:089A5FC670C8CA71028845EEA240C61EDE97ECBB
                                                                            SHA-256:2A61E3E1A2F7AC6C9730DDA7A74AEB8C9A566F97A0A45DF2478AAA3F0DB99EE8
                                                                            SHA-512:54FC20482AD7F65F57F3E3D0FE8240525B13F2D0AFAEA5CB2E25BBE7C4DF140187A586D39B4F4837EDD89EC3396310610B16D2631890E4C4456DA144CDBE9F9C
                                                                            Malicious:false
                                                                            Preview:...m.................DB_VERSION.1.<j.j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13368898326766808..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):309
                                                                            Entropy (8bit):5.171411186181129
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeDRq1923oH+TcwtgctZQInvB2KLlLPeWq2P923oH+TcwtgctZQInvIFUv:NPqfYebgGZznvFL1Prv4YebgGZznQFUv
                                                                            MD5:B50F59485DBEBBCC9636D0E736670D33
                                                                            SHA1:A4E834D625018BDBA4C9B1A9BA4F93C8E757175D
                                                                            SHA-256:E0273A8AE21D342D32EF80B6A80A1AD42EC437A2500150BFD531D26B91216B55
                                                                            SHA-512:AD76B80A94C1CAFC0C7182A3842F5A3D81395C1F2A17D744ED3EE44D96746097F716483E75E550088F9078A9602C89B268F5CA713358AF323BDBF467E4550272
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:52:05.860 2540 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/08/23-10:52:05.986 2540 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:OpenPGP Secret Key
                                                                            Category:dropped
                                                                            Size (bytes):41
                                                                            Entropy (8bit):4.704993772857998
                                                                            Encrypted:false
                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                            Malicious:false
                                                                            Preview:.|.."....leveldb.BytewiseComparator......
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):28366
                                                                            Entropy (8bit):5.5575600020747675
                                                                            Encrypted:false
                                                                            SSDEEP:768:CBCOGD7pLGLvtIWPZVfEX8F1+UoAYDCx9Tuqh0VfUC9xbog/OVCL7G+rwPpQtuT:CBCOG1cvtIWPZVfEXu1jaH/GbWto
                                                                            MD5:8E4CD01E70D00B69D1170B63A4C3CE32
                                                                            SHA1:5E534DB4BDF5204B31637F59C3E243D8324101B5
                                                                            SHA-256:DEB5E014A27F50D5210382AA9CEECD02883FD4BC54EDF7FECE14C2AD33BBF176
                                                                            SHA-512:8736F24DBE1622B7A0008FB07DC5FB23F5CD2D7161A08FBDCC9B58BB4AD63394E55DF660B5F3C173C5633144FB9305AA02737217310F4429BB73486C1739E3D8
                                                                            Malicious:false
                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368898315169275","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368898315169275","location":5,"ma
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):440
                                                                            Entropy (8bit):4.653241259728483
                                                                            Encrypted:false
                                                                            SSDEEP:12:S+a8ljljljljlWGUlcPDgB+CtQ3lcPDgwnGz3A/XkAvkAvkAv:Ra0ZZZZWGUc6OcvG0Xk8k8k8
                                                                            MD5:C6C034CC2802930CB15A806414924A22
                                                                            SHA1:800FFE97E7D112401F9BDC4EB3542951C30B84E8
                                                                            SHA-256:D892E4D1DD41FDE2DC612104A2B60972698F6430E59842BB5619D06508E87507
                                                                            SHA-512:A42684727122645E710F4FA1FB5C85A2F31B37DE4A4B2228B66F6642E60EF18054E5EC8443F3E6D9E49C50C033A62B8402B9325B978F480F29A5A386FB113354
                                                                            Malicious:false
                                                                            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................]..j................next-map-id.1.Knamespace-8502f244_1299_4139_a5bc_aba7ad94af69-https://accounts.google.com/.0..Gk................next-map-id.2.Lnamespace-8502f244_1299_4139_a5bc_aba7ad94af69-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):324
                                                                            Entropy (8bit):5.131121051489143
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPe74pQL+q2P923oH+TcwtrQMxIFUt88PefvGKWZmw+8PeiQLVkwO923oH+Tcwtf:NPRQ+v4YebCFUt88PwGKW/+8PdQV5LYM
                                                                            MD5:9493BFF997A3A6EFA6E7E8F80CC06A19
                                                                            SHA1:1525286FD2561A0634724204C6E8FD2259A7A762
                                                                            SHA-256:538BFBD076EB556E3640D8A0CA5972A9FCCBBA73218196946AAAFE8493C7AEED
                                                                            SHA-512:C27F3695DC5A1B19977C9CEF901FE016B07133194F04D4690E22D3BC24E9A24A6E7B0CF62B88DB40FB81151A6677828A88A9E6BE41FCBFE29B07210C3C432506
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.859 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/23-10:51:55.861 1eec Recovering log #3.2024/08/23-10:51:55.864 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):9281
                                                                            Entropy (8bit):4.090494913525018
                                                                            Encrypted:false
                                                                            SSDEEP:192:3ttXeEg3PkZoEy3PkZ0EQ3bA9teSDK3PkZIwy:dtXQkZgkZKk9/D6kZu
                                                                            MD5:AB1B8125114BDB58B128B2BA6EE0D704
                                                                            SHA1:6F2AEDCE062E8655108336E79E5DEB39B5C6438C
                                                                            SHA-256:02EE565F78CE43083A436C52E732EEBE47F7137A1D60443244CA0656E17429F2
                                                                            SHA-512:B0DC6C596D49F5C493330A6CF1F89D36F941B2FFE3A291D0C3DDE4F72C8220A4F3D7108D9534095B91751A918B93EBE49818877238B33BD15AB0C78E296EE2D8
                                                                            Malicious:false
                                                                            Preview:SNSS..........^..............^......"...^..............^..........^..........^..........^....!.....^..................................^...^1..,......^$...8502f244_1299_4139_a5bc_aba7ad94af69......^..........^......*...........^......^..........................^....................5..0......^&...{98952893-68FF-4A5D-A164-705C709ED3DB}........^..........^..............................^..................^o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64.......................^..................^o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                            Category:dropped
                                                                            Size (bytes):20480
                                                                            Entropy (8bit):0.44194574462308833
                                                                            Encrypted:false
                                                                            SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                            MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                            SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                            SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                            SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):352
                                                                            Entropy (8bit):5.148899777628347
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeYqM+q2P923oH+Tcwt7Uh2ghZIFUt88Pe7YOZZmw+8Pe7YOMMVkwO923oH+Tcz:NPcM+v4YebIhHh2FUt88PFq/+8PF1MVa
                                                                            MD5:42E5A4351A8B549C882958C97C8EBC62
                                                                            SHA1:8B8CDB91FF63FC64351C44CB04D740D49C25980C
                                                                            SHA-256:F776611466D2E6BE63A602CEFAA3B9AC803B88FD90B38D4C52787103AF0B7E91
                                                                            SHA-512:1DA84CAC95B1BA21417C0F77D6C4ECE74B6E548EDA8B39A7D8C3B47DC4385372661DC6E72D2693DA722CA938CDFCFB5112D66A9124CBA30AB179B542DD5EE956
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.245 1dfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/23-10:51:55.246 1dfc Recovering log #3.2024/08/23-10:51:55.246 1dfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):270336
                                                                            Entropy (8bit):0.0012471779557650352
                                                                            Encrypted:false
                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                            Malicious:false
                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):434
                                                                            Entropy (8bit):5.221429159475158
                                                                            Encrypted:false
                                                                            SSDEEP:12:NP/WuQ+v4YebvqBQFUt88P/WMGKW/+8P/FQV5LYebvqBvJ:NP/Wu54YebvZg88P/DGKUP/FSLYebvk
                                                                            MD5:EAD9347FCD7F2720DE117CDB8AA7577F
                                                                            SHA1:40FB6EED8A20F002AAB50595064C51660074F4FF
                                                                            SHA-256:3D27583C21CB459BBB406150CFCD602359660DDA40C5F609ED7ED898BE6626F5
                                                                            SHA-512:3800F22BAFCA91103B61A98125EF6612360B811B43F3B000A0DDCF5DBF8E994B53439B2AD3210E86DCEAA5F80101A9100D430F4BD5F25FD47C0370161972FABD
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:56.225 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/23-10:51:56.227 1eec Recovering log #3.2024/08/23-10:51:56.247 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):144
                                                                            Entropy (8bit):4.842082263530856
                                                                            Encrypted:false
                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                            MD5:ABE81C38891A875B52127ACE9C314105
                                                                            SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                            SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                            SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                            Malicious:false
                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2
                                                                            Entropy (8bit):1.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:H:H
                                                                            MD5:D751713988987E9331980363E24189CE
                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                            Malicious:false
                                                                            Preview:[]
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):40
                                                                            Entropy (8bit):4.1275671571169275
                                                                            Encrypted:false
                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                            Malicious:false
                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                            Category:dropped
                                                                            Size (bytes):36864
                                                                            Entropy (8bit):0.3886039372934488
                                                                            Encrypted:false
                                                                            SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                            MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                            SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                            SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                            SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):80
                                                                            Entropy (8bit):3.4921535629071894
                                                                            Encrypted:false
                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                            MD5:69449520FD9C139C534E2970342C6BD8
                                                                            SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                            SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                            SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                            Malicious:false
                                                                            Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):422
                                                                            Entropy (8bit):5.213365707016595
                                                                            Encrypted:false
                                                                            SSDEEP:12:NPBQ+v4YebvqBZFUt88PYSGKW/+8PlQV5LYebvqBaJ:NPB54Yebvyg88PYSGKUPlSLYebvL
                                                                            MD5:043D4AAF4BFA87DD8B84ED44E2F75542
                                                                            SHA1:E23854D105FF9E1F314E5B9C272408B9C861526D
                                                                            SHA-256:E630E94AC79E6B21F9C01976F6A5D9A41D5FDB598D2738A875742B61CE75678D
                                                                            SHA-512:9F5D3EE2D8A98FC9D85BAB2ADBD0AFD59EB8EA92B97E836D7489ED420032ADD6B3754DE89FAB4786DD05CC1F00C56AD6EFF1F482E2D409050195DFB2B6532165
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:52:14.464 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/23-10:52:14.466 1eec Recovering log #3.2024/08/23-10:52:14.468 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):328
                                                                            Entropy (8bit):5.15930670707964
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeBq2P923oH+TcwtpIFUt88Pe7Zmw+8PeRkwO923oH+Tcwta/WLJ:NPgv4YebmFUt88Pi/+8PO5LYebaUJ
                                                                            MD5:28BD0E7E11D7CE5D1A332374BF447171
                                                                            SHA1:76A1B0444E89CDC970030B85A0F023E37D16F9C3
                                                                            SHA-256:C8A03EC6DA90093FF6937CBB490065B10F0967CB7CEAA497911F71E7A32F0139
                                                                            SHA-512:DB8F6CB752B72BB625401853AAF69DD2F108A1AAB329A59C9BC26E4F151D2EC65AF5B4B28C31A2452CFCC6ABA32536BCD3B9B7BEC0E89A6F815AB15D1ADD6516
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.222 1df0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/23-10:51:55.223 1df0 Recovering log #3.2024/08/23-10:51:55.223 1df0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):131072
                                                                            Entropy (8bit):0.005567161523650777
                                                                            Encrypted:false
                                                                            SSDEEP:3:ImtVF+R5I/5gz1cyGldt/:IiVEY2zi
                                                                            MD5:8EB3255621CD5BD6E19E9C8799B261C4
                                                                            SHA1:424B35BDC30F0F6462CD2ED1DE3DD4368FE4DD82
                                                                            SHA-256:122080A6D0871F1332DAFD46BBEA1727042ED3BBB7FCC058C4D0629942AB0419
                                                                            SHA-512:4619197C6961EEDEC4E77FC77BDFC230ED9A6F1C7E9F4FFBB3F36A103EA93A8A67E1EDB0BE3E162585FE7EAF70C5D326C8B70F746D3331EDE7BF877CA7173996
                                                                            Malicious:false
                                                                            Preview:VLnk.....?......?......+................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                            Category:dropped
                                                                            Size (bytes):196608
                                                                            Entropy (8bit):1.2649500280815151
                                                                            Encrypted:false
                                                                            SSDEEP:384:8/2qOB1nxCkMYSAELyKOMq+8yC8F/YfU5m+OlTLVumV:Bq+n0JY9ELyKOMq+8y9/OwG
                                                                            MD5:1A77DD6D11F5764C13188782C42AD451
                                                                            SHA1:08A59589472CBC33D2D4AD45895B31C4A9FA89CB
                                                                            SHA-256:2FC86FC527B77FFEDC5C8EFC627C0A5BFC3849CEF37E6AF1BEAC1EB594B255B9
                                                                            SHA-512:8268E60739687322D9D4E089325732E2253C912CC2105D670951EA673C5EE2D9E408FDC06A67F1671E3CA4211B117C7FDC7454A5A9F3C07BB87BE8A617669FB5
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                            Category:dropped
                                                                            Size (bytes):14336
                                                                            Entropy (8bit):1.4169881893747978
                                                                            Encrypted:false
                                                                            SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgEa2RyqWqKyyF/g2RyqWqKyGxj/:ftSjGhp22iSRVNWVNWH
                                                                            MD5:EA1BCDDD50D2A74500DB8A78673BEFAA
                                                                            SHA1:0DD48C003A82F0B95D87E25BBC530095EDAC278C
                                                                            SHA-256:914A4B4241AD9929553F0D64847B1FCC263C4C8BF78BA90D50E50E423CEDE1A3
                                                                            SHA-512:48D8019B0CB74B1F809B3B6ECB22A1BB1C92AE84CB78FF3726410627C6D52BA8043C740AAB13B36F11ED7E74DBE9AE8C974235D21BDE7BB4077230AD6D97D9C1
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                            Category:dropped
                                                                            Size (bytes):40960
                                                                            Entropy (8bit):0.41235120905181716
                                                                            Encrypted:false
                                                                            SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                            MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                            SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                            SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                            SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):11755
                                                                            Entropy (8bit):5.190465908239046
                                                                            Encrypted:false
                                                                            SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                            MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                            SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                            SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                            SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                            Malicious:false
                                                                            Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):10507
                                                                            Entropy (8bit):5.212544851190619
                                                                            Encrypted:false
                                                                            SSDEEP:192:stYkdLsOTgsZihqIOkH83v8ibV+FmmQA66Wh4laFIMYS+P+YJ:stYYsOTgfhqAGbGHQx6Wh4laTYSA
                                                                            MD5:CB918AF7801710F007E22F5825C22D69
                                                                            SHA1:E7E53F7507E7FAFD3D482D9594FA1BCBF2807115
                                                                            SHA-256:2CBEF9C565556501A5613F1D40B73272398CC0EA624999E0A0585984271BB155
                                                                            SHA-512:CA00823F93513625C6DEB139E89334CDC43B259522F8AAF801C8436EE6F3DDBBADE32BEA893C69A9D3C787627887A35FBA397E7BE41EDABABD7401F158D299F7
                                                                            Malicious:false
                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368898315804871","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):28366
                                                                            Entropy (8bit):5.5575600020747675
                                                                            Encrypted:false
                                                                            SSDEEP:768:CBCOGD7pLGLvtIWPZVfEX8F1+UoAYDCx9Tuqh0VfUC9xbog/OVCL7G+rwPpQtuT:CBCOG1cvtIWPZVfEXu1jaH/GbWto
                                                                            MD5:8E4CD01E70D00B69D1170B63A4C3CE32
                                                                            SHA1:5E534DB4BDF5204B31637F59C3E243D8324101B5
                                                                            SHA-256:DEB5E014A27F50D5210382AA9CEECD02883FD4BC54EDF7FECE14C2AD33BBF176
                                                                            SHA-512:8736F24DBE1622B7A0008FB07DC5FB23F5CD2D7161A08FBDCC9B58BB4AD63394E55DF660B5F3C173C5633144FB9305AA02737217310F4429BB73486C1739E3D8
                                                                            Malicious:false
                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368898315169275","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368898315169275","location":5,"ma
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                            Category:dropped
                                                                            Size (bytes):28672
                                                                            Entropy (8bit):0.3410017321959524
                                                                            Encrypted:false
                                                                            SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                            MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                            SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                            SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                            SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):10507
                                                                            Entropy (8bit):5.212561035965039
                                                                            Encrypted:false
                                                                            SSDEEP:192:stYkdLsOTgsZihqIOkH83v8ibV+FmmQA66Wh8laFIMYS+P+YJ:stYYsOTgfhqAGbGHQx6Wh8laTYSA
                                                                            MD5:F509951C16BA8FBF74A6CE992FC851BB
                                                                            SHA1:86B64977D885C840C1187D94BC835734746A1215
                                                                            SHA-256:65FB2AC0D982C91B98C1C70B53D0DF1FE459E7F2BF0246C8394FD948DB9E2FBD
                                                                            SHA-512:F06A813108A46BE1F2A4F02F8F867EF0D7145907C809E819EF002937A5D4BA0D409179D62F33BD6011A7CBB13436C90390C4D16936B9A081B5217091C3F3FE64
                                                                            Malicious:false
                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368898315804871","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):10342
                                                                            Entropy (8bit):5.215317627715406
                                                                            Encrypted:false
                                                                            SSDEEP:192:stYkdLsOTgsZihqIOkH83v8ibV+FmmQA66Wh/aFIMYS+P+YJ:stYYsOTgfhqAGbGHQx6Wh/aTYSA
                                                                            MD5:A50100840DF38848729D6BB69A999972
                                                                            SHA1:A84CCC574F4B05B9A2C25833B04C912252A94345
                                                                            SHA-256:AF5AD59CF1A4AFCB868136B259B49D2E381EBB85941B5D335A4E27DF99DFDC25
                                                                            SHA-512:5006BBA47403CFBC89DAEA9506A306EDE3CBEDCAD6ABFB7DDAE97F2167224AA4D92E48C30BA4DBE42CFD2D92D5BBE654F6DF49EDDA80CD2CEEAADB74674C9946
                                                                            Malicious:false
                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368898315804871","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):9749
                                                                            Entropy (8bit):5.117271166490843
                                                                            Encrypted:false
                                                                            SSDEEP:192:stYkdLsOTgsZihUkH83v8ibV+FmmQA66WhRaFIMYS+P+YJ:stYYsOTgfhPGbGHQx6WhRaTYSA
                                                                            MD5:B3C9B2174DD795F24ED8AA9F2F5C3F4B
                                                                            SHA1:C3E5F62EE436778E48D671430F5F3CE22D284E4A
                                                                            SHA-256:E96F5EA7AA7C4C7849EDD37694FB6F7FC0BDDEED54367B9A07F033A4CBB38B79
                                                                            SHA-512:DDA2832E6FA9C9DBB057A9EC446DE8584623E9E6C2FE699BE734D40CC83F6F6C2E31A319B62348248B309B6017E882445F5B9CA1FAC7A01350C249D9332C212C
                                                                            Malicious:false
                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13368898315804871","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):32768
                                                                            Entropy (8bit):0.11600837519554545
                                                                            Encrypted:false
                                                                            SSDEEP:12:Wt0ztOpEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:Wt0zt+oPnnnnnnnnnnnnnnnvN3zd
                                                                            MD5:130D5D7D4007DCC04EDDE98754A474F6
                                                                            SHA1:06AC6C9442699038AD7BBE31BBFB5D28DB0C4CA1
                                                                            SHA-256:DD02127AA56D9ADEAFC285F81BBCE9A380FD1A97D21A2DFB61D23A8D435A4823
                                                                            SHA-512:211A0F0763FA4AD184DB6D3156E7CCA16ACF301EA5FE2C500812D33B55D911A04583B24B0F0FF2BD799349D262F49F0E102B78F46C0A8E14D93B3E236381E75C
                                                                            Malicious:false
                                                                            Preview:..-.............].......8.EXVui..4..}.........-.............].......8.EXVui..4..}...............Y...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                            Category:dropped
                                                                            Size (bytes):383192
                                                                            Entropy (8bit):1.0829326518377878
                                                                            Encrypted:false
                                                                            SSDEEP:768:/YqcOdVijjFjshjjZjR7jQJjSWj7Rjadj27jjWAj0:ziPFohPZl7UJeWnRmdYjSAo
                                                                            MD5:B8B23CA924F218A509A4E18F9A25053F
                                                                            SHA1:95EAFC2131501081A475BB153A6666CA88B64CB0
                                                                            SHA-256:A1E3950A4E2B3F7D920DCDE4C0F3D60A20748AFFDC41D62DDD67C96C51CDD8B8
                                                                            SHA-512:AE5861AE498D8203443730D69AF5CC0B816A7E6D19BB263B6884D3A55A91FB414B86E14BD50D9E154EABC72399D4D9A47788049F39B72422DDE8D3EA0FE691E0
                                                                            Malicious:false
                                                                            Preview:7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):723
                                                                            Entropy (8bit):3.2142587564020766
                                                                            Encrypted:false
                                                                            SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuTI8RU:iDrP
                                                                            MD5:A22C8A1EA02946590971281FB5750E81
                                                                            SHA1:AF31F2DB0F51A47AD38C39F985BA6901336A0F74
                                                                            SHA-256:D983CC5E0B1EC3A7FF374841C3E88F55B4E580696F69F32CB590CAA40FF66D0D
                                                                            SHA-512:F8CA9D40B64172D133D9F47147BE7DDFEC63FA2072911D31EBBCD7E402FE955DC591F9AC97505D2544EF324DF39427BC4AE1C9BDD06394489B604142776E0D53
                                                                            Malicious:false
                                                                            Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=................JC90................39_config..........6.....n ....1V.e................V.e................V.e................V.e................V.e................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):324
                                                                            Entropy (8bit):5.223620345903277
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeMx+q2P923oH+TcwtfrK+IFUt88PeMSWZmw+8PePVkwO923oH+TcwtfrUeLJ:NPDx+v4Yeb23FUt88PDSW/+8PuV5LYet
                                                                            MD5:43B02EA008E6CB8C30702C20946215BD
                                                                            SHA1:35B29AC6F270C3B86B2C5911975022630678EA79
                                                                            SHA-256:A2DE21052D5832C5C0F7F617D7B3225944F276AE1156A107656062981D8D8007
                                                                            SHA-512:CCC9952296E5959AB258DC9250AB6D2440A8EB8B1FC5EA1825B6BF9A2A175FF74AE8EB5F95F5BDE836A21A6877E183DB699469AC7269A65C55397C4A92921D3B
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.826 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/23-10:51:55.826 1dec Recovering log #3.2024/08/23-10:51:55.827 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):324
                                                                            Entropy (8bit):5.223620345903277
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeMx+q2P923oH+TcwtfrK+IFUt88PeMSWZmw+8PePVkwO923oH+TcwtfrUeLJ:NPDx+v4Yeb23FUt88PDSW/+8PuV5LYet
                                                                            MD5:43B02EA008E6CB8C30702C20946215BD
                                                                            SHA1:35B29AC6F270C3B86B2C5911975022630678EA79
                                                                            SHA-256:A2DE21052D5832C5C0F7F617D7B3225944F276AE1156A107656062981D8D8007
                                                                            SHA-512:CCC9952296E5959AB258DC9250AB6D2440A8EB8B1FC5EA1825B6BF9A2A175FF74AE8EB5F95F5BDE836A21A6877E183DB699469AC7269A65C55397C4A92921D3B
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.826 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/23-10:51:55.826 1dec Recovering log #3.2024/08/23-10:51:55.827 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):787
                                                                            Entropy (8bit):4.059252238767438
                                                                            Encrypted:false
                                                                            SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                            MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                            SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                            SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                            SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                            Malicious:false
                                                                            Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):342
                                                                            Entropy (8bit):5.167028725354475
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeax+q2P923oH+TcwtfrzAdIFUt88PevmWZmw+8PevNVkwO923oH+TcwtfrzILJ:NP1x+v4Yeb9FUt88PFW/+8PoV5LYeb2J
                                                                            MD5:E6880309E2F0A9F1B7564F5F559E8A90
                                                                            SHA1:1CCE5A801614EC85F1F1668A027E8A7A1700AE3F
                                                                            SHA-256:4D1EFBEC2661CFCE9A27CA4FC1FBE44C1D5B4A937DA45D54D5A7A5936911EEB4
                                                                            SHA-512:05E881F459FAF24EF01E86AC0EDB4B5CF872E47E3B444AC69781FFD7BD9331789647E28A98E391A6133E7C92C13E57949681E4B847D95A4A749EE92C82C2DF73
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.820 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/23-10:51:55.821 1dec Recovering log #3.2024/08/23-10:51:55.821 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):342
                                                                            Entropy (8bit):5.167028725354475
                                                                            Encrypted:false
                                                                            SSDEEP:6:NPeax+q2P923oH+TcwtfrzAdIFUt88PevmWZmw+8PevNVkwO923oH+TcwtfrzILJ:NP1x+v4Yeb9FUt88PFW/+8PoV5LYeb2J
                                                                            MD5:E6880309E2F0A9F1B7564F5F559E8A90
                                                                            SHA1:1CCE5A801614EC85F1F1668A027E8A7A1700AE3F
                                                                            SHA-256:4D1EFBEC2661CFCE9A27CA4FC1FBE44C1D5B4A937DA45D54D5A7A5936911EEB4
                                                                            SHA-512:05E881F459FAF24EF01E86AC0EDB4B5CF872E47E3B444AC69781FFD7BD9331789647E28A98E391A6133E7C92C13E57949681E4B847D95A4A749EE92C82C2DF73
                                                                            Malicious:false
                                                                            Preview:2024/08/23-10:51:55.820 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/23-10:51:55.821 1dec Recovering log #3.2024/08/23-10:51:55.821 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):120
                                                                            Entropy (8bit):3.32524464792714
                                                                            Encrypted:false
                                                                            SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                            MD5:A397E5983D4A1619E36143B4D804B870
                                                                            SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                            SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                            SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                            Malicious:false
                                                                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):13
                                                                            Entropy (8bit):2.7192945256669794
                                                                            Encrypted:false
                                                                            SSDEEP:3:NYLFRQI:ap2I
                                                                            MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                            SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                            SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                            SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                            Malicious:false
                                                                            Preview:117.0.2045.47
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                            Category:dropped
                                                                            Size (bytes):20480
                                                                            Entropy (8bit):0.5963118027796015
                                                                            Encrypted:false
                                                                            SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                            MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                            SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                            SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                            SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                            Malicious:false
                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):47
                                                                            Entropy (8bit):4.3818353308528755
                                                                            Encrypted:false
                                                                            SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                            MD5:48324111147DECC23AC222A361873FC5
                                                                            SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                            SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                            SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                            Malicious:false
                                                                            Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):35
                                                                            Entropy (8bit):4.014438730983427
                                                                            Encrypted:false
                                                                            SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                            MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                            SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                            SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                            SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                            Malicious:false
                                                                            Preview:{"forceServiceDetermination":false}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):50
                                                                            Entropy (8bit):3.9904355005135823
                                                                            Encrypted:false
                                                                            SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                            MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                            SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                            SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                            SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                            Malicious:false
                                                                            Preview:topTraffic_170540185939602997400506234197983529371
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):575056
                                                                            Entropy (8bit):7.999649474060713
                                                                            Encrypted:true
                                                                            SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                            MD5:BE5D1A12C1644421F877787F8E76642D
                                                                            SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                            SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                            SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                            Malicious:false
                                                                            Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):86
                                                                            Entropy (8bit):4.3751917412896075
                                                                            Encrypted:false
                                                                            SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                            MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                            SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                            SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                            SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                            Malicious:false
                                                                            Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44652
                                                                            Entropy (8bit):6.096797970095362
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB4wuIhDO6vP6OXnr6iZWy3YHcGoup1Xl3jVzXr4CW:z/Ps+wsI7yOEY6XOchu3VlXr4CRo1
                                                                            MD5:2FEC28AA7300CC8845724714C21075E8
                                                                            SHA1:4722111D98F04EDA2AB2A3394CF909263DA249D4
                                                                            SHA-256:AC64B163D29966F2AB9069DC157A62D4C3E658FB8AA3489464D87D8CA73D0822
                                                                            SHA-512:DCE749EFE5A824561EBD0FB072D17719EE50408531CFA082D2DA53D1FFF034A8D9DBCE0CA78279DB4D4B63D45276041BCE5DEECBFB62FF7CAABB30793DCEE2E0
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):45675
                                                                            Entropy (8bit):6.089239807507983
                                                                            Encrypted:false
                                                                            SSDEEP:768:2M7X2zt1jKYqHkZeM9K1D1hDO6vP6OXnr6iZWy3YHK/pIOyFsTJCAoNGoup1Xl3E:2MSzvKYqst9K06XOWpIOyFstRoNhu3VU
                                                                            MD5:0305D6F54D6876422C866A9203001995
                                                                            SHA1:F387BAF2775F408DD9DBE23F05015315CB523748
                                                                            SHA-256:121E8403E2BBFEA60F64329770FD441BC6EC5D85C08B03842E420E12DF02585C
                                                                            SHA-512:26367E3D3260E9453C0831F6FFC91CB9B087E65A692997A0E5DBCBA38EA9D2B7C769EC006FB1A7B607912CA68F4DD115FBFFAA1860EEAEAAD1FD01616B4BE0D9
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44596
                                                                            Entropy (8bit):6.0967136335256855
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBRwuIhDO6vP6OXnrCDZX/F98cGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEL6Xrchu3VlXr4CRo1
                                                                            MD5:AFB4EFF7039D2B06FE50827E44F32C1B
                                                                            SHA1:D0FAED068F495E403F436793AD09637DD9348188
                                                                            SHA-256:66ECD448F4C76998AA1391270E43367FD02488049C6E4082C943DCB7C831EFB4
                                                                            SHA-512:3D3A077B7A99E5837E1118AC42D96F24F6950147266B82C3FF214E84A1FD9BDF85ACDF23C0301EDA51A6842ADD7BD2DE4C80A76772A19AA98D6858DD3520524E
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):45752
                                                                            Entropy (8bit):6.089192385513533
                                                                            Encrypted:false
                                                                            SSDEEP:768:2M7X2zt1jKYqHkZehoK1D1hDO6vP6OXnr6iZWy3YHK/pIOyFsTJCAoNGoup1Xl3E:2MSzvKYqsaoK06XuWpIOyFstRoNhu3VU
                                                                            MD5:6D6F8C8A590991B9CC1ED9E36F263BF9
                                                                            SHA1:AC6364B3AB9939637242BD1BE360CB96DC60AC93
                                                                            SHA-256:B652046914D60DD4AB0233907BE3E20D276FC7AC6D278991F887F35D0420C85A
                                                                            SHA-512:50478910DDCDBEBA2D5ABA0E06310E91DE393D78DAF10FE147046FC745C44B571E82202485CA13AD55957473FB170DB717D136E550DBA1C89BB242E753D4C964
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):44137
                                                                            Entropy (8bit):6.090749555104923
                                                                            Encrypted:false
                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMswuF9hDO6vP6O+4tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Vtbz8hu3VlXr4CRo1
                                                                            MD5:9422F5E8ED0AA8DF97373E681E786791
                                                                            SHA1:496942CDE6970077EC6CA7186AAFE68AAAD03000
                                                                            SHA-256:A9994A00418792993E2AFB3CA95A11BB3FB12052EFB97D0A345A383F98641277
                                                                            SHA-512:AC6668D9099C1DB40711DF31C71C355584EB47B5F6DB5FB440A25C5E07485588DD85FDA40A06E624C78EEFEBF00D3623ACAF3E7DE2A284F0D12C52BF7A720585
                                                                            Malicious:false
                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):2278
                                                                            Entropy (8bit):3.864012253102239
                                                                            Encrypted:false
                                                                            SSDEEP:48:uiTrlKxrgxoxl9Il8uffHNBrU7jHEPZ8kA9ZLn1d1rc:mFYRDrQjzkALLn+
                                                                            MD5:706E6BBA7F451BC5C6A992C134025DF3
                                                                            SHA1:6BADC22B2F350DEDD9148B5E916B4B01DB55690E
                                                                            SHA-256:5B1F6129B02819AD943C21B8C55CE973E65D5BF0AA6696AE6184C4ACFAB54CBE
                                                                            SHA-512:949B346EF996528026AAA78B5C791966276B01B9C1A66AF5931289E2B4DE9965194411B94B9C689A2EE08AAF53409B66CBDE180EC19C17D35629FBDA12625814
                                                                            Malicious:false
                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.C.O.Y.Y.n.T.1.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.X.S.I.n.0.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):4622
                                                                            Entropy (8bit):4.0002611835769954
                                                                            Encrypted:false
                                                                            SSDEEP:96:EHYRQWjJlPmXcD3+XsscS5hW+jMUehE5jB4sy8E:EHKjbPmsyvW+jMs5tT0
                                                                            MD5:E4BB1753FDF281148AF9C38304642F50
                                                                            SHA1:4C72F41DB918029D02AAB1BAD8DB3829E52BD150
                                                                            SHA-256:0C6055ECCED95A08F5740858456ECB53C2027C4D234624A736CCF4D71533A8E3
                                                                            SHA-512:A388B9EBA3B9478C7D9F5FEA9849B59051E767F7B194613168ED9E14EC54DD25D4BFC4DBB5F23BA7CB60CD8841061071DE46724C8DC955AD307166F3A6CA7ACB
                                                                            Malicious:false
                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.n.i.E.S.G.z.1.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.X.S.I.n.0.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:Google Chrome extension, version 3
                                                                            Category:dropped
                                                                            Size (bytes):11185
                                                                            Entropy (8bit):7.951995436832936
                                                                            Encrypted:false
                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                            Malicious:false
                                                                            Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:very short file (no magic)
                                                                            Category:dropped
                                                                            Size (bytes):1
                                                                            Entropy (8bit):0.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:L:L
                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                            Malicious:false
                                                                            Preview:.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                            Category:dropped
                                                                            Size (bytes):206855
                                                                            Entropy (8bit):7.983996634657522
                                                                            Encrypted:false
                                                                            SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                            MD5:788DF0376CE061534448AA17288FEA95
                                                                            SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                            SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                            SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                            Malicious:false
                                                                            Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:Google Chrome extension, version 3
                                                                            Category:dropped
                                                                            Size (bytes):135751
                                                                            Entropy (8bit):7.804610863392373
                                                                            Encrypted:false
                                                                            SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                            MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                            SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                            SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                            SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                            Malicious:false
                                                                            Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7..*.Kk?....]<.S(.....9}........$..6...:...9..b|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]..*..-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:very short file (no magic)
                                                                            Category:dropped
                                                                            Size (bytes):1
                                                                            Entropy (8bit):0.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:L:L
                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                            Malicious:false
                                                                            Preview:.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 906867
                                                                            Category:dropped
                                                                            Size (bytes):476222
                                                                            Entropy (8bit):7.998208129718621
                                                                            Encrypted:true
                                                                            SSDEEP:12288:8/cFnVabwghqWdCi/SrHJ7t2L33qfTMLh8DHNGtw:NFcwghqWdCiKzJ78afTMlQHSw
                                                                            MD5:15D24AFEF8E3DA905F929854A93138AF
                                                                            SHA1:FD39270324507B77E59B228B178D39CE769D1339
                                                                            SHA-256:B47FAF9FBCACEB3DEFFE5A4099CC60890690E36239881DE3874B29B5923D1B70
                                                                            SHA-512:F23789196A8CE90C28E8B3605915BAE6A2E9AE47B6ACFB81E95B70EB933B86B716D47F5ED3357B26268E587503F24A1884F2E5CDB1BAD46746FD3FD6FB9F682A
                                                                            Malicious:false
                                                                            Preview:............o.6.........I....d[.z.6l.=...dIV...q..0...Iyk.C..8.R...v\7.....u..'..r...=.w..W.}..V_....W7......~..........<..f.-.O...l....a.../....l.m.e..kv.Y.n...~......}...ww..uSt.U..o.O...G..4w..|...........]]..y../..W.n...........".y..WB.2*C.7..W.4.....M...I..\&.($...."'....Y.e..o.7y.K.......oZ2.?..qW.O.$.............<.kV`2)G..%,...2.."Q..M.....}g.M`qa.x.Z_....N"......~.~.....;..4.....XEX...B0.Q=.'...z.,.|.>.5..W.6..$\RaT.&.m.%.b.2.....5#[..\...z.j.j|......~RN....@p.C.1.j.}..}..Z..Co'.i.%.TZ...O=%.`.J+............Y|.....mp.6...;v...l?...!..?"Q....a....'.8...)..)7..N...B.8...Yj.?..........V../...g....C..i.....IN...P..P.@.....N..u/...FJ.A<N<..gD. #..6....N.F.....C......4..........?R@.K../-%..P...|.././.o..?#K......%..=.8;........J..............6"..2.........jI....A..W.3......[.....$...>.%iJ..g..A...._....B.>.r...G.5.....$.P[.....J..r.y.4.KE.Lj/)i".w..Ig./.k?.....l../Z.f......"|%.-..T.....).l."Q..j*>%..E.J6...l...^.f.=`%./.l......7$D
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                            Category:dropped
                                                                            Size (bytes):76321
                                                                            Entropy (8bit):7.996057445951542
                                                                            Encrypted:true
                                                                            SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                            MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                            SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                            SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                            SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                            Malicious:false
                                                                            Preview:...........m{..(.}...7.\...N.D*.w..m..q....%XfL.*I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'.*.."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g.*.^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2110
                                                                            Entropy (8bit):5.410725914191458
                                                                            Encrypted:false
                                                                            SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrZ:8e2Fa116uCntc5toYupUFp7pSM
                                                                            MD5:997D9853AA10C080959660B591AC11CC
                                                                            SHA1:1B8AABE7DD3AF9B4237AF4B070D4694158BC3B28
                                                                            SHA-256:5A5F82420B63398EDA0A357706580AAFB69D2A77415304D6A91C043194EA17F6
                                                                            SHA-512:4D0DB60F842BD50B72C723D6E10BE297522AFF12B6B2BCA1B049C040A3D093613D1F73D39C18DB244C0F903A59145FFB781066F906F7DA54C883E67E7EC28A87
                                                                            Malicious:false
                                                                            Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                            Category:dropped
                                                                            Size (bytes):32768
                                                                            Entropy (8bit):0.4593089050301797
                                                                            Encrypted:false
                                                                            SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                            MD5:D910AD167F0217587501FDCDB33CC544
                                                                            SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                            SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                            SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                            Malicious:false
                                                                            Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:Google Chrome extension, version 3
                                                                            Category:dropped
                                                                            Size (bytes):11185
                                                                            Entropy (8bit):7.951995436832936
                                                                            Encrypted:false
                                                                            SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                            MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                            SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                            SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                            SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                            Malicious:false
                                                                            Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1753
                                                                            Entropy (8bit):5.8889033066924155
                                                                            Encrypted:false
                                                                            SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                            MD5:738E757B92939B24CDBBD0EFC2601315
                                                                            SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                            SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                            SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                            Malicious:false
                                                                            Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "...",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):9815
                                                                            Entropy (8bit):6.1716321262973315
                                                                            Encrypted:false
                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                            MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                            SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                            SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                            SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                            Malicious:false
                                                                            Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):10388
                                                                            Entropy (8bit):6.174387413738973
                                                                            Encrypted:false
                                                                            SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                            MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                            SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                            SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                            SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                            Malicious:false
                                                                            Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):962
                                                                            Entropy (8bit):5.698567446030411
                                                                            Encrypted:false
                                                                            SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                            MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                            SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                            SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                            SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                            Malicious:false
                                                                            Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:Google Chrome extension, version 3
                                                                            Category:dropped
                                                                            Size (bytes):135751
                                                                            Entropy (8bit):7.804610863392373
                                                                            Encrypted:false
                                                                            SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                            MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                            SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                            SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                            SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                            Malicious:false
                                                                            Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7..*.Kk?....]<.S(.....9}........$..6...:...9..b|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]..*..-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."
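The per-file fields above (File Type, Size, Entropy (8bit), Encrypted, MD5/SHA1/SHA-256/SHA-512) can be recomputed offline when triaging dropped files, which is useful for checking a report against the artefacts you actually recovered. The following is an added example, not Joe Sandbox code and not part of the original report. It assumes a small magic-number table of its own (gzip, PNG, CRX3 "Cr24" with a little-endian version field, Zip) and an entropy cutoff of 7.99 for the Encrypted flag; the report does not state which cutoff it uses, only that 7.996 is flagged and 7.952 is not. The Malicious verdict is not reproducible from the bytes alone and is left out. All inputs are constructed here; the one-byte input is a single "." because that is what the 1-byte dropped file above hashes to.

```python
"""Recompute the dropped-file triage fields a sandbox report prints.

Added example for this report page, not Joe Sandbox code. File-type table
and the 'Encrypted' entropy cutoff are this example's own assumptions.
"""
import gzip
import hashlib
import math
from collections import Counter

# Assumed magic-number table (a small subset of what libmagic knows).
MAGIC = [
    (b"\x1f\x8b", "gzip compressed data"),
    (b"\x89PNG\r\n\x1a\n", "PNG image data"),
    (b"Cr24", "Google Chrome extension"),
    (b"PK\x03\x04", "Zip archive data"),
]

# Assumed cutoff: the report flags entropy 7.996 as Encrypted and 7.952 as not,
# so the real threshold lies somewhere in between; 7.99 is a guess.
ENCRYPTED_THRESHOLD = 7.99


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    # sum() starts from int 0, so a lone -0.0 term still yields 0.0.
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())


def file_type(data: bytes) -> str:
    """Classify by leading magic bytes; for CRX3 also decode the version field."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            if magic == b"Cr24" and len(data) >= 8:
                # CRX header: "Cr24", uint32 LE version, uint32 LE header length.
                version = int.from_bytes(data[4:8], "little")
                return f"{name}, version {version}"
            return name
    if len(data) < 2:
        return "very short file (no magic)"
    try:
        data.decode("utf-8")
        return "UTF-8 text"
    except UnicodeDecodeError:
        return "data"


def triage(data: bytes) -> dict:
    """Return the same fields the report prints for one dropped file."""
    ent = shannon_entropy(data)
    return {
        "File Type": file_type(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": ent,
        "Encrypted": ent > ENCRYPTED_THRESHOLD,
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


# Constructed sample inputs (not the report's files).
ONE_BYTE = b"."                                       # what the 1-byte dropped file contains
CRX3_STUB = b"Cr24" + (3).to_bytes(4, "little") + (0).to_bytes(4, "little")
GZIP_BLOB = gzip.compress(b"A" * 1000)                # low entropy: compressed but not random
UNIFORM = bytes(range(256)) * 16                      # every byte value equally often: entropy 8.0

if __name__ == "__main__":
    for label, blob in (("one-byte", ONE_BYTE), ("crx3-stub", CRX3_STUB),
                        ("gzip", GZIP_BLOB), ("uniform", UNIFORM)):
        print(label)
        for key, value in triage(blob).items():
            print(f"  {key}: {value}")
```

Running it on the one-byte input reproduces the MD5 5058F1AF8388633F609CADB75A75DC9D and SHA1 3A52CE780950D4D969792A2559CD519D7EE8C727 shown in the record above, which is how you confirm a recovered artefact is the same file the sandbox saw. Note that high entropy alone does not mean encryption: the two gzip members above are flagged Encrypted only because well-compressed data is statistically close to random, so the flag is a prompt to decompress or unpack before deciding, not a verdict.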
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                            Category:dropped
                                                                            Size (bytes):4982
                                                                            Entropy (8bit):7.929761711048726
                                                                            Encrypted:false
                                                                            SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                            MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                            SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                            SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                            SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                            Malicious:false
                                                                            Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):908
                                                                            Entropy (8bit):4.512512697156616
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                            MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                            SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                            SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                            SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1285
                                                                            Entropy (8bit):4.702209356847184
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                            MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                            SHA1:58979859B28513608626B563138097DC19236F1F
                                                                            SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                            SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1244
Entropy (8bit):4.5533961615623735
Encrypted:false
SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):977
Entropy (8bit):4.867640976960053
Encrypted:false
SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:9A798FD298008074E59ECC253E2F2933
SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:false
Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3107
Entropy (8bit):3.535189746470889
Encrypted:false
SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:68884DFDA320B85F9FC5244C2DD00568
SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:false
Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1389
Entropy (8bit):4.561317517930672
Encrypted:false
SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:2E6423F38E148AC5A5A041B1D5989CC0
SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:false
Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1763
Entropy (8bit):4.25392954144533
Encrypted:false
SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:651375C6AF22E2BCD228347A45E3C2C9
SHA1:109AC3A912326171D77869854D7300385F6E628C
SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:false
Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):930
Entropy (8bit):4.569672473374877
Encrypted:false
SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:D177261FFE5F8AB4B3796D26835F8331
SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:false
Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):913
Entropy (8bit):4.947221919047
Encrypted:false
SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:false
Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):806
Entropy (8bit):4.815663786215102
Encrypted:false
SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:A86407C6F20818972B80B9384ACFBBED
SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:false
Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):883
Entropy (8bit):4.5096240460083905
Encrypted:false
SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:false
Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1031
Entropy (8bit):4.621865814402898
Encrypted:false
SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:D116453277CC860D196887CEC6432FFE
SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:false
Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1613
Entropy (8bit):4.618182455684241
Encrypted:false
SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:9ABA4337C670C6349BA38FDDC27C2106
SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:false
Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):851
Entropy (8bit):4.4858053753176526
Encrypted:false
SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):851
Entropy (8bit):4.4858053753176526
Encrypted:false
SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):848
Entropy (8bit):4.494568170878587
Encrypted:false
SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:3734D498FB377CF5E4E2508B8131C0FA
SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:false
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1425
Entropy (8bit):4.461560329690825
Encrypted:false
SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:578215FBB8C12CB7E6CD73FBD16EC994
SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:false
Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):961
Entropy (8bit):4.537633413451255
Encrypted:false
SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:F61916A206AC0E971CDCB63B29E580E3
SHA1:994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):959
Entropy (8bit):4.570019855018913
Encrypted:false
SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:535331F8FB98894877811B14994FEA9D
SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):968
Entropy (8bit):4.633956349931516
Encrypted:false
SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:64204786E7A7C1ED9C241F1C59B81007
SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:false
Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):838
Entropy (8bit):4.4975520913636595
Encrypted:false
SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:29A1DA4ACB4C9D04F080BB101E204E93
SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:false
Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1305
Entropy (8bit):4.673517697192589
Encrypted:false
SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):911
Entropy (8bit):4.6294343834070935
Encrypted:false
SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:false
Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):939
Entropy (8bit):4.451724169062555
Encrypted:false
SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:FCEA43D62605860FFF41BE26BAD80169
SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:false
Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):977
Entropy (8bit):4.622066056638277
Encrypted:false
SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:false
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):972
Entropy (8bit):4.621319511196614
Encrypted:false
SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:6CAC04BDCC09034981B4AB567B00C296
SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:false
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):990
Entropy (8bit):4.497202347098541
Encrypted:false
SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1658
Entropy (8bit):4.294833932445159
Encrypted:false
SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:BC7E1D09028B085B74CB4E04D8A90814
SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:false
Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1672
Entropy (8bit):4.314484457325167
Encrypted:false
SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:false
Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):935
Entropy (8bit):4.6369398601609735
Encrypted:false
SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:false
Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1065
                                                                            Entropy (8bit):4.816501737523951
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                            MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                            SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                            SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                            SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2771
                                                                            Entropy (8bit):3.7629875118570055
                                                                            Encrypted:false
                                                                            SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                            MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                            SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                            SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                            SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):858
                                                                            Entropy (8bit):4.474411340525479
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                            MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                            SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                            SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                            SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):954
                                                                            Entropy (8bit):4.631887382471946
                                                                            Encrypted:false
                                                                            SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                            MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                            SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                            SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                            SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):899
                                                                            Entropy (8bit):4.474743599345443
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                            MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                            SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                            SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                            SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2230
                                                                            Entropy (8bit):3.8239097369647634
                                                                            Encrypted:false
                                                                            SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                            MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                            SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                            SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                            SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1160
                                                                            Entropy (8bit):5.292894989863142
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                            MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                            SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                            SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                            SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):3264
                                                                            Entropy (8bit):3.586016059431306
                                                                            Encrypted:false
                                                                            SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                            MD5:83F81D30913DC4344573D7A58BD20D85
                                                                            SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                            SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                            SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):3235
                                                                            Entropy (8bit):3.6081439490236464
                                                                            Encrypted:false
                                                                            SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                            MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                            SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                            SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                            SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):3122
                                                                            Entropy (8bit):3.891443295908904
                                                                            Encrypted:false
                                                                            SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                            MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                            SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                            SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                            SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1880
                                                                            Entropy (8bit):4.295185867329351
                                                                            Encrypted:false
                                                                            SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                            MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                            SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                            SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                            SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1042
                                                                            Entropy (8bit):5.3945675025513955
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                            MD5:F3E59EEEB007144EA26306C20E04C292
                                                                            SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                            SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                            SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2535
                                                                            Entropy (8bit):3.8479764584971368
                                                                            Encrypted:false
                                                                            SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                            MD5:E20D6C27840B406555E2F5091B118FC5
                                                                            SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                            SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                            SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1028
                                                                            Entropy (8bit):4.797571191712988
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                            MD5:970544AB4622701FFDF66DC556847652
                                                                            SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                            SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                            SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):994
                                                                            Entropy (8bit):4.700308832360794
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                            MD5:A568A58817375590007D1B8ABCAEBF82
                                                                            SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                            SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                            SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2091
                                                                            Entropy (8bit):4.358252286391144
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                            MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                            SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                            SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                            SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2778
                                                                            Entropy (8bit):3.595196082412897
                                                                            Encrypted:false
                                                                            SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                            MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                            SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                            SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                            SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1719
                                                                            Entropy (8bit):4.287702203591075
                                                                            Encrypted:false
                                                                            SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                            MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                            SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                            SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                            SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):936
                                                                            Entropy (8bit):4.457879437756106
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                            MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                            SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                            SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                            SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):3830
                                                                            Entropy (8bit):3.5483353063347587
                                                                            Encrypted:false
                                                                            SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                            MD5:342335A22F1886B8BC92008597326B24
                                                                            SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                            SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                            SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1898
                                                                            Entropy (8bit):4.187050294267571
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                            MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                            SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                            SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                            SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):914
                                                                            Entropy (8bit):4.513485418448461
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                            MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                            SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                            SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                            SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):878
                                                                            Entropy (8bit):4.4541485835627475
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                            MD5:A1744B0F53CCF889955B95108367F9C8
                                                                            SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                            SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                            SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2766
                                                                            Entropy (8bit):3.839730779948262
                                                                            Encrypted:false
                                                                            SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                            MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                            SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                            SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                            SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):978
                                                                            Entropy (8bit):4.879137540019932
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                            MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                            SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                            SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                            SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):907
                                                                            Entropy (8bit):4.599411354657937
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                            MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                            SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                            SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                            SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):914
                                                                            Entropy (8bit):4.604761241355716
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                            MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                            SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                            SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                            SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):937
                                                                            Entropy (8bit):4.686555713975264
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                            MD5:BED8332AB788098D276B448EC2B33351
                                                                            SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                            SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                            SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1337
                                                                            Entropy (8bit):4.69531415794894
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                            MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                            SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                            SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                            SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2846
                                                                            Entropy (8bit):3.7416822879702547
                                                                            Encrypted:false
                                                                            SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                            MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                            SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                            SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                            SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):934
                                                                            Entropy (8bit):4.882122893545996
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                            MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                            SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                            SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                            SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):963
                                                                            Entropy (8bit):4.6041913416245
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                            MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                            SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                            SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                            SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1320
                                                                            Entropy (8bit):4.569671329405572
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                            MD5:7F5F8933D2D078618496C67526A2B066
                                                                            SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                            SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                            SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):884
                                                                            Entropy (8bit):4.627108704340797
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                            MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                            SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                            SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                            SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):980
                                                                            Entropy (8bit):4.50673686618174
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                            MD5:D0579209686889E079D87C23817EDDD5
                                                                            SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                            SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                            SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1941
                                                                            Entropy (8bit):4.132139619026436
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                            MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                            SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                            SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                            SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1969
                                                                            Entropy (8bit):4.327258153043599
                                                                            Encrypted:false
                                                                            SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                            MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                            SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                            SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                            SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1674
                                                                            Entropy (8bit):4.343724179386811
                                                                            Encrypted:false
                                                                            SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                            MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                            SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                            SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                            SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1063
                                                                            Entropy (8bit):4.853399816115876
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                            MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                            SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                            SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                            SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1333
                                                                            Entropy (8bit):4.686760246306605
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                            MD5:970963C25C2CEF16BB6F60952E103105
                                                                            SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                            SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                            SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1263
                                                                            Entropy (8bit):4.861856182762435
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                            MD5:8B4DF6A9281333341C939C244DDB7648
                                                                            SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                            SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                            SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1074
                                                                            Entropy (8bit):5.062722522759407
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                            MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                            SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                            SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                            SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):879
                                                                            Entropy (8bit):5.7905809868505544
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                            MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                            SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                            SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                            SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):1205
                                                                            Entropy (8bit):4.50367724745418
                                                                            Encrypted:false
                                                                            SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                            MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                            SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                            SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                            SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):843
                                                                            Entropy (8bit):5.76581227215314
                                                                            Encrypted:false
                                                                            SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                            MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                            SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                            SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                            SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                            Malicious:false
                                                                            Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):912
                                                                            Entropy (8bit):4.65963951143349
                                                                            Encrypted:false
                                                                            SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                            MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                            SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                            SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                            SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                            Malicious:false
                                                                            Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):11280
                                                                            Entropy (8bit):5.754230909218899
                                                                            Encrypted:false
                                                                            SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                            MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                            SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                            SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                            SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                            Malicious:false
                                                                             Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):854
                                                                            Entropy (8bit):4.284628987131403
                                                                            Encrypted:false
                                                                            SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                            MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                            SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                            SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                            SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                            Malicious:false
                                                                            Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):2525
                                                                            Entropy (8bit):5.417689528134667
                                                                            Encrypted:false
                                                                            SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                            MD5:10FF8E5B674311683D27CE1879384954
                                                                            SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                            SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                            SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                            Malicious:false
                                                                            Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:HTML document, ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):97
                                                                            Entropy (8bit):4.862433271815736
                                                                            Encrypted:false
                                                                            SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                            MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                            SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                            SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                            SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                            Malicious:false
                                                                            Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text, with very long lines (4369)
                                                                            Category:dropped
                                                                            Size (bytes):95567
                                                                            Entropy (8bit):5.4016395763198135
                                                                            Encrypted:false
                                                                            SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                            MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                            SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                            SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                            SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                            Malicious:false
                                                                            Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):291
                                                                            Entropy (8bit):4.65176400421739
                                                                            Encrypted:false
                                                                            SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                            MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                            SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                            SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                            SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                            Malicious:false
                                                                            Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            File Type:ASCII text, with very long lines (4369)
                                                                            Category:dropped
                                                                            Size (bytes):103988
                                                                            Entropy (8bit):5.389407461078688
                                                                            Encrypted:false
                                                                            SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                            MD5:EA946F110850F17E637B15CF22B82837
                                                                            SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                            SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                            SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                            Malicious:false
                                                                            Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):453023
                                                                            Entropy (8bit):7.997718157581587
                                                                            Encrypted:true
                                                                            SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                            MD5:85430BAED3398695717B0263807CF97C
                                                                            SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                            SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                            SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                            Malicious:false
                                                                            Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):24
                                                                            Entropy (8bit):3.91829583405449
                                                                            Encrypted:false
                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                            Malicious:false
                                                                            Preview:{"schema":6,"addons":[]}
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):24
                                                                            Entropy (8bit):3.91829583405449
                                                                            Encrypted:false
                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                            Malicious:false
                                                                            Preview:{"schema":6,"addons":[]}
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                            Category:dropped
                                                                            Size (bytes):66
                                                                            Entropy (8bit):4.837595020998689
                                                                            Encrypted:false
                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                            Malicious:false
                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                            Category:dropped
                                                                            Size (bytes):66
                                                                            Entropy (8bit):4.837595020998689
                                                                            Encrypted:false
                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                            Malicious:false
                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):36830
                                                                            Entropy (8bit):5.1867463390487
                                                                            Encrypted:false
                                                                            SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                            MD5:98875950B62B398FFE70C0A8D0998017
                                                                            SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                            SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                            SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                            Malicious:false
                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):36830
                                                                            Entropy (8bit):5.1867463390487
                                                                            Encrypted:false
                                                                            SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                            MD5:98875950B62B398FFE70C0A8D0998017
                                                                            SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                            SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                            SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                            Malicious:false
                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1021904
                                                                            Entropy (8bit):6.648417932394748
                                                                            Encrypted:false
                                                                            SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                            MD5:FE3355639648C417E8307C6D051E3E37
                                                                            SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                            SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                            SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View (related samples previously analysed):
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1021904
                                                                            Entropy (8bit):6.648417932394748
                                                                            Encrypted:false
                                                                            SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                            MD5:FE3355639648C417E8307C6D051E3E37
                                                                            SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                            SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                            SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View (related samples previously analysed):
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):116
                                                                            Entropy (8bit):4.968220104601006
                                                                            Encrypted:false
                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                            Malicious:false
                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):116
                                                                            Entropy (8bit):4.968220104601006
                                                                            Encrypted:false
                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                            Malicious:false
                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                            Category:modified
                                                                            Size (bytes):11225
                                                                            Entropy (8bit):5.5091680866537605
                                                                            Encrypted:false
                                                                            SSDEEP:192:2nPOeRnHYbBp6RJ0aX+X6SEXKnqkHWNBw8rFSl:8PegJUKqvHEwY0
                                                                            MD5:0D97ED95669FDA8000126292912253D7
                                                                            SHA1:B72E08D45FF9B5E6443E2F78BA5E2CF2E1007505
                                                                            SHA-256:22B3DF7F3495A61A1A70DF1A29179DBD0BC88F524745EF867C50DD53CFAD9975
                                                                            SHA-512:BFC00B6E838FF13619B58755C6DA149C1863F1BB534A94AF7F8126A256AC35388AEF3179B5BDA82EAB0BDCC68D7F3D7DF47F23BCD6C3EE3B442F680E042949BD
                                                                            Malicious:false
                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1724428991);..user_pref("app.update.lastUpdateTime.background-update-timer", 1724428991);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):11225
                                                                            Entropy (8bit):5.5091680866537605
                                                                            Encrypted:false
                                                                            SSDEEP:192:2nPOeRnHYbBp6RJ0aX+X6SEXKnqkHWNBw8rFSl:8PegJUKqvHEwY0
                                                                            MD5:0D97ED95669FDA8000126292912253D7
                                                                            SHA1:B72E08D45FF9B5E6443E2F78BA5E2CF2E1007505
                                                                            SHA-256:22B3DF7F3495A61A1A70DF1A29179DBD0BC88F524745EF867C50DD53CFAD9975
                                                                            SHA-512:BFC00B6E838FF13619B58755C6DA149C1863F1BB534A94AF7F8126A256AC35388AEF3179B5BDA82EAB0BDCC68D7F3D7DF47F23BCD6C3EE3B442F680E042949BD
                                                                            Malicious:false
                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1724428991);..user_pref("app.update.lastUpdateTime.background-update-timer", 1724428991);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):53
                                                                            Entropy (8bit):4.136624295551173
                                                                            Encrypted:false
                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                            MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                            SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                            SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                            SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                            Malicious:false
                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):53
                                                                            Entropy (8bit):4.136624295551173
                                                                            Encrypted:false
                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                            MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                            SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                            SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                            SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                            Malicious:false
                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                            Category:dropped
                                                                            Size (bytes):271
                                                                            Entropy (8bit):5.503746837922705
                                                                            Encrypted:false
                                                                            SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3SIgCKXdB26tV7NzdDdCQ:vLz2S+EWDDoWqC5mcPK343nF7d9
                                                                            MD5:0BBE31E686703F2F318DE8B25B776AD1
                                                                            SHA1:2861C8BB62308EA64757313770B27677CE6E0B58
                                                                            SHA-256:6A53743D22AF565F7BFBC8456A997562B5B5F61DEF63AC4C1A67FE2948C6F62F
                                                                            SHA-512:F3D473BB46D29AD51A230F30D86665CE16D2EEFF8E81314A0CACAB830B676EA2E64DECF4D48F016BE398D77E7182D2BD9E9D31B9450446F3EF7CF55A298ABA81
                                                                            Malicious:false
                                                                            Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1724428977399,"startTim...#56972,"recentCrashes":0},"global":{},"cookies":[]}
                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                            Category:dropped
                                                                            Size (bytes):271
                                                                            Entropy (8bit):5.503746837922705
                                                                            Encrypted:false
                                                                            SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3SIgCKXdB26tV7NzdDdCQ:vLz2S+EWDDoWqC5mcPK343nF7d9
                                                                            MD5:0BBE31E686703F2F318DE8B25B776AD1
                                                                            SHA1:2861C8BB62308EA64757313770B27677CE6E0B58
                                                                            SHA-256:6A53743D22AF565F7BFBC8456A997562B5B5F61DEF63AC4C1A67FE2948C6F62F
                                                                            SHA-512:F3D473BB46D29AD51A230F30D86665CE16D2EEFF8E81314A0CACAB830B676EA2E64DECF4D48F016BE398D77E7182D2BD9E9D31B9450446F3EF7CF55A298ABA81
                                                                            Malicious:false
                                                                            Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1724428977399,"startTim...#56972,"recentCrashes":0},"global":{},"cookies":[]}
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):6.579629138229998
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:file.exe
                                                                            File size:917'504 bytes
                                                                            MD5:5bcfae8097a09c47fc7fa3cadfeb39ae
                                                                            SHA1:229048e91ba78dbbade7a95f197ed8ffdf064b5a
                                                                            SHA256:6a4d5fa1f240b1ea51164de317aa376bbc1bbddeb57df23238413c5c21ca9db0
                                                                            SHA512:b03dc142de393137332c878ba3daa6d7821918deaeef2d36cff2fb4c1994522d5e728cce6b22e1b8b147a4c91134588b09cea3cfd720cda857f892be5bc57853
                                                                            SSDEEP:12288:UqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTd:UqDEvCTbMWu7rQYlBQcBiT6rprG8avd
                                                                            TLSH:47159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                            File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                            Icon Hash:aaf3e3e3938382a0
                                                                            Entrypoint:0x420577
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x66C893E7 [Fri Aug 23 13:51:35 2024 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:1
                                                                            File Version Major:5
                                                                            File Version Minor:1
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:1
                                                                            Import Hash:948cc502fe9226992dce9417f952fce3
                                                                            Instruction
                                                                            call 00007F1B08CE8EA3h
                                                                            jmp 00007F1B08CE87AFh
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            push esi
                                                                            push dword ptr [ebp+08h]
                                                                            mov esi, ecx
                                                                            call 00007F1B08CE898Dh
                                                                            mov dword ptr [esi], 0049FDF0h
                                                                            mov eax, esi
                                                                            pop esi
                                                                            pop ebp
                                                                            retn 0004h
                                                                            and dword ptr [ecx+04h], 00000000h
                                                                            mov eax, ecx
                                                                            and dword ptr [ecx+08h], 00000000h
                                                                            mov dword ptr [ecx+04h], 0049FDF8h
                                                                            mov dword ptr [ecx], 0049FDF0h
                                                                            ret
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            push esi
                                                                            push dword ptr [ebp+08h]
                                                                            mov esi, ecx
                                                                            call 00007F1B08CE895Ah
                                                                            mov dword ptr [esi], 0049FE0Ch
                                                                            mov eax, esi
                                                                            pop esi
                                                                            pop ebp
                                                                            retn 0004h
                                                                            and dword ptr [ecx+04h], 00000000h
                                                                            mov eax, ecx
                                                                            and dword ptr [ecx+08h], 00000000h
                                                                            mov dword ptr [ecx+04h], 0049FE14h
                                                                            mov dword ptr [ecx], 0049FE0Ch
                                                                            ret
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            push esi
                                                                            mov esi, ecx
                                                                            lea eax, dword ptr [esi+04h]
                                                                            mov dword ptr [esi], 0049FDD0h
                                                                            and dword ptr [eax], 00000000h
                                                                            and dword ptr [eax+04h], 00000000h
                                                                            push eax
                                                                            mov eax, dword ptr [ebp+08h]
                                                                            add eax, 04h
                                                                            push eax
                                                                            call 00007F1B08CEB54Dh
                                                                            pop ecx
                                                                            pop ecx
                                                                            mov eax, esi
                                                                            pop esi
                                                                            pop ebp
                                                                            retn 0004h
                                                                            lea eax, dword ptr [ecx+04h]
                                                                            mov dword ptr [ecx], 0049FDD0h
                                                                            push eax
                                                                            call 00007F1B08CEB598h
                                                                            pop ecx
                                                                            ret
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            push esi
                                                                            mov esi, ecx
                                                                            lea eax, dword ptr [esi+04h]
                                                                            mov dword ptr [esi], 0049FDD0h
                                                                            push eax
                                                                            call 00007F1B08CEB581h
                                                                            test byte ptr [ebp+08h], 00000001h
                                                                            pop ecx
                                                                            Programming Language:
                                                                            • [ C ] VS2008 SP1 build 30729
                                                                            • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | b9e75602841636b86b93b3c0054fa7b5 | False | 0.28106770833333333 | data | 5.161222990438493 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 23, 2024 16:51:50.775115013 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91
Aug 23, 2024 16:51:50.775115013 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91
Aug 23, 2024 16:51:50.884649992 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91
Aug 23, 2024 16:51:56.794579983 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:56.794586897 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:56.794656992 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:56.831059933 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:56.831069946 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.618654013 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.674078941 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:57.674098015 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.675265074 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.675276995 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.675337076 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:57.724286079 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:57.724381924 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.729939938 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:57.729945898 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.905927896 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
Aug 23, 2024 16:51:57.905996084 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:58.500761032 CEST | 49707 | 443 | 192.168.2.5 | 94.245.104.56
Aug 23, 2024 16:51:58.500768900 CEST | 443 | 49707 | 94.245.104.56 | 192.168.2.5
                                                                            Aug 23, 2024 16:52:00.352057934 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:00.352092981 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:00.352401018 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:00.352710009 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:00.352719069 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:00.398634911 CEST49675443192.168.2.523.1.237.91
                                                                            Aug 23, 2024 16:52:00.445197105 CEST49674443192.168.2.523.1.237.91
                                                                            Aug 23, 2024 16:52:00.563050985 CEST49673443192.168.2.523.1.237.91
                                                                            Aug 23, 2024 16:52:01.080758095 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.081142902 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.081171036 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.081679106 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.081696033 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.081727982 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.081734896 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.081747055 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.081772089 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.082683086 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.083796978 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.083873987 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.083987951 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.083993912 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.230685949 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.342673063 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.342871904 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.342928886 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.342946053 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.346239090 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.346288919 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.346295118 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.352231026 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.352278948 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.352284908 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.358804941 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.358853102 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.358863115 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.365366936 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.365411997 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.365422964 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.371896982 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.371939898 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.371948004 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.378578901 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.378633022 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.378640890 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.385184050 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.385862112 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.385869026 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.429544926 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.429644108 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.429653883 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.431704044 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.431852102 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.431875944 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.438968897 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.439683914 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.439692974 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.445120096 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.445772886 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.445780039 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.451798916 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.452465057 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.452471972 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.459773064 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.460426092 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.460433006 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.464812994 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.465691090 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.465697050 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.470813990 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.470932007 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.470938921 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.477411032 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.477560997 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.477566957 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.483407021 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.483469963 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.483475924 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.489115000 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.489175081 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.489181042 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.494328022 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.494450092 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.494456053 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.500376940 CEST49733443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:01.500401974 CEST44349733162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:01.500463009 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.500566959 CEST49734443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:01.500577927 CEST44349734162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:01.500732899 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.500735044 CEST49733443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:01.500735044 CEST49734443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:01.500740051 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.501132965 CEST49733443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:01.501176119 CEST44349733162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:01.501262903 CEST49734443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:01.501271963 CEST44349734162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:01.505460024 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.505532026 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.505538940 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.508069992 CEST49735443192.168.2.5172.64.41.3
                                                                            Aug 23, 2024 16:52:01.508095026 CEST44349735172.64.41.3192.168.2.5
                                                                            Aug 23, 2024 16:52:01.508364916 CEST49735443192.168.2.5172.64.41.3
                                                                            Aug 23, 2024 16:52:01.508933067 CEST49735443192.168.2.5172.64.41.3
                                                                            Aug 23, 2024 16:52:01.508949041 CEST44349735172.64.41.3192.168.2.5
                                                                            Aug 23, 2024 16:52:01.511159897 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.511435032 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.511441946 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.516210079 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.516417980 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.516423941 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.521747112 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.522252083 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.522258997 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.525834084 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.527206898 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.527216911 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.529758930 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.529887915 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.529894114 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.533087015 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.533227921 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.533233881 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.536722898 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.537813902 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.537820101 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.540160894 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.543773890 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.543854952 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.544994116 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.545001984 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.547946930 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.550115108 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.550122023 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.552658081 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.554455996 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.554563999 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.557007074 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.557015896 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.557692051 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.559417963 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.559425116 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.561491013 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.564603090 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.564610004 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.564892054 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.565202951 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.565207958 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.568496943 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.569072962 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.569078922 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.571629047 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.571830034 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.571836948 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.574995041 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.577425003 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.577435017 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.578732014 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.579967022 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.579973936 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.582005024 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.582063913 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.582070112 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.585808039 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.585855961 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.585863113 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.589241028 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.591883898 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.591890097 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.592040062 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.592408895 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.592415094 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.595746994 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.595797062 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.595803022 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.598748922 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.598813057 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.598819017 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.601701021 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.602003098 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.602216005 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.602222919 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.602556944 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.605590105 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.608012915 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.608058929 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.608064890 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.608139038 CEST49726443192.168.2.5142.250.184.193
                                                                            Aug 23, 2024 16:52:01.608171940 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.608309031 CEST44349726142.250.184.193192.168.2.5
                                                                            Aug 23, 2024 16:52:01.609536886 CEST49726443192.168.2.5142.250.184.193
Timestamp                             SrcPort  DstPort  Source IP        Dest IP
Aug 23, 2024 16:52:01.609553099 CEST  49726    443      192.168.2.5      142.250.184.193
Aug 23, 2024 16:52:01.656852007 CEST  49737    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:01.656871080 CEST  443      49737    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:01.657275915 CEST  49737    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:01.657458067 CEST  49737    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:01.657470942 CEST  443      49737    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:01.970438004 CEST  443      49734    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:01.981472015 CEST  443      49733    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:01.995954037 CEST  443      49735    172.64.41.3      192.168.2.5
Aug 23, 2024 16:52:01.998217106 CEST  49733    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:01.998228073 CEST  443      49733    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:01.998272896 CEST  49734    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:01.998279095 CEST  443      49734    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:01.999289989 CEST  443      49733    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:01.999347925 CEST  443      49734    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.005177021 CEST  49733    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.005914927 CEST  49734    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.006995916 CEST  49735    443      192.168.2.5      172.64.41.3
Aug 23, 2024 16:52:02.007003069 CEST  443      49735    172.64.41.3      192.168.2.5
Aug 23, 2024 16:52:02.008109093 CEST  443      49735    172.64.41.3      192.168.2.5
Aug 23, 2024 16:52:02.008295059 CEST  49734    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.008394957 CEST  443      49734    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.008493900 CEST  49735    443      192.168.2.5      172.64.41.3
Aug 23, 2024 16:52:02.009496927 CEST  49733    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.009565115 CEST  443      49733    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.011447906 CEST  49735    443      192.168.2.5      172.64.41.3
Aug 23, 2024 16:52:02.011517048 CEST  443      49735    172.64.41.3      192.168.2.5
Aug 23, 2024 16:52:02.011518002 CEST  49734    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.011526108 CEST  443      49734    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.011758089 CEST  49733    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.011765957 CEST  443      49733    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.011898994 CEST  49735    443      192.168.2.5      172.64.41.3
Aug 23, 2024 16:52:02.052505016 CEST  443      49735    172.64.41.3      192.168.2.5
Aug 23, 2024 16:52:02.113137007 CEST  443      49734    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.114837885 CEST  49734    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.115012884 CEST  49734    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.115031958 CEST  443      49734    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.123472929 CEST  443      49733    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.125736952 CEST  49733    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.125869036 CEST  49733    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:02.125874996 CEST  443      49733    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:02.140497923 CEST  443      49703    23.1.237.91      192.168.2.5
Aug 23, 2024 16:52:02.141479015 CEST  443      49735    172.64.41.3      192.168.2.5
Aug 23, 2024 16:52:02.148786068 CEST  49703    443      192.168.2.5      23.1.237.91
Aug 23, 2024 16:52:02.148900032 CEST  49735    443      192.168.2.5      172.64.41.3
Aug 23, 2024 16:52:02.156027079 CEST  49735    443      192.168.2.5      172.64.41.3
Aug 23, 2024 16:52:02.156034946 CEST  443      49735    172.64.41.3      192.168.2.5
Aug 23, 2024 16:52:02.927917957 CEST  49737    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:02.968501091 CEST  443      49737    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:03.224942923 CEST  443      49737    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:03.225053072 CEST  443      49737    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:03.232997894 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.233030081 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.233230114 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.233252048 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.233303070 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.233315945 CEST  443      49741    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.233437061 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.233443975 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.233623028 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.233630896 CEST  443      49743    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.233721018 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.233745098 CEST  443      49744    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.236495972 CEST  443      49737    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:03.239638090 CEST  49737    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:03.239653111 CEST  49737    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:03.239706039 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.239741087 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.239746094 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.239881992 CEST  49737    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:03.239896059 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.239917994 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.239921093 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.254507065 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.254538059 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.254785061 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.254798889 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.254837036 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.254856110 CEST  443      49741    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.254946947 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.254959106 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.484903097 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:03.484924078 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:03.485238075 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.485251904 CEST  443      49743    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.488962889 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.488982916 CEST  443      49744    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.489362001 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:03.527693987 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:03.527718067 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:03.763442993 CEST  49746    443      192.168.2.5      35.190.72.216
Aug 23, 2024 16:52:03.763488054 CEST  443      49746    35.190.72.216    192.168.2.5
Aug 23, 2024 16:52:03.764081001 CEST  49746    443      192.168.2.5      35.190.72.216
Aug 23, 2024 16:52:03.768800974 CEST  49746    443      192.168.2.5      35.190.72.216
Aug 23, 2024 16:52:03.768821001 CEST  443      49746    35.190.72.216    192.168.2.5
Aug 23, 2024 16:52:03.915545940 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.915795088 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.915805101 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.916130066 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.917129040 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.917237043 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.917311907 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.925132036 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.925324917 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.925348043 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.925688028 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.926654100 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.926729918 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.926906109 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.927037954 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.928008080 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.928015947 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.929069996 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.929584980 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.929923058 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.929985046 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.930036068 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.934989929 CEST  443      49741    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.935724020 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.935730934 CEST  443      49741    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.936753035 CEST  443      49741    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.936963081 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.937213898 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.937269926 CEST  443      49741    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.943303108 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.943384886 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.943738937 CEST  443      49739    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.943851948 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.943909883 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.944066048 CEST  443      49740    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.944437027 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:03.944457054 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:03.944464922 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.944478035 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.944686890 CEST  443      49742    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.945938110 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.945960999 CEST  49739    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.945960045 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.946005106 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.946024895 CEST  49742    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.946024895 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:03.946028948 CEST  49740    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.946202040 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:03.946213961 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:03.946851015 CEST  443      49744    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.947253942 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.947273970 CEST  443      49744    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.948246002 CEST  443      49744    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.951200008 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.951822996 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.951878071 CEST  443      49744    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.959525108 CEST  443      49743    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.967150927 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.967159986 CEST  443      49743    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.968240976 CEST  443      49743    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:03.970618963 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.970979929 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:03.971046925 CEST  443      49743    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:04.055572033 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:04.055578947 CEST  443      49741    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:04.055613041 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:04.055624008 CEST  443      49743    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:04.101999998 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:04.102011919 CEST  443      49744    162.159.61.3     192.168.2.5
Aug 23, 2024 16:52:04.195895910 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.196604967 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.207385063 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.207395077 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.207672119 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.249883890 CEST  49741    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:04.249903917 CEST  49743    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:04.251115084 CEST  443      49746    35.190.72.216    192.168.2.5
Aug 23, 2024 16:52:04.252110004 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.252202034 CEST  49746    443      192.168.2.5      35.190.72.216
Aug 23, 2024 16:52:04.296514988 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.298119068 CEST  49744    443      192.168.2.5      162.159.61.3
Aug 23, 2024 16:52:04.466902018 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.466967106 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.467112064 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.467207909 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.467226028 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.467236042 CEST  49745    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.467242002 CEST  443      49745    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.509567976 CEST  49749    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.509604931 CEST  443      49749    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.509680033 CEST  49749    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.509928942 CEST  49749    443      192.168.2.5      184.28.90.27
Aug 23, 2024 16:52:04.509941101 CEST  443      49749    184.28.90.27     192.168.2.5
Aug 23, 2024 16:52:04.563776970 CEST  49746    443      192.168.2.5      35.190.72.216
Aug 23, 2024 16:52:04.563815117 CEST  443      49746    35.190.72.216    192.168.2.5
Aug 23, 2024 16:52:04.563976049 CEST  49746    443      192.168.2.5      35.190.72.216
Aug 23, 2024 16:52:04.564019918 CEST  443      49746    35.190.72.216    192.168.2.5
Aug 23, 2024 16:52:04.564904928 CEST  49746    443      192.168.2.5      35.190.72.216
Aug 23, 2024 16:52:04.576162100 CEST  49750    80       192.168.2.5      34.107.221.82
Aug 23, 2024 16:52:04.581140041 CEST  80       49750    34.107.221.82    192.168.2.5
Aug 23, 2024 16:52:04.581298113 CEST  49750    80       192.168.2.5      34.107.221.82
Aug 23, 2024 16:52:04.581505060 CEST  49750    80       192.168.2.5      34.107.221.82
Aug 23, 2024 16:52:04.586344957 CEST  80       49750    34.107.221.82    192.168.2.5
Aug 23, 2024 16:52:04.608968973 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.611005068 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.611016035 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.612078905 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.612138033 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.613104105 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.613173962 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.613272905 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.656506062 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.694701910 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.694709063 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.732136011 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.732146025 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.732180119 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.732196093 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.732213020 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.741805077 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.741820097 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.741852999 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.742930889 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.760987043 CEST  49751    443      192.168.2.5      13.107.246.40
Aug 23, 2024 16:52:04.761018991 CEST  443      49751    13.107.246.40    192.168.2.5
Aug 23, 2024 16:52:04.761176109 CEST  49751    443      192.168.2.5      13.107.246.40
Aug 23, 2024 16:52:04.761375904 CEST  49751    443      192.168.2.5      13.107.246.40
Aug 23, 2024 16:52:04.761389017 CEST  443      49751    13.107.246.40    192.168.2.5
Aug 23, 2024 16:52:04.807548046 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.807571888 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.807579041 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.807590961 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.807610035 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.807625055 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.807678938 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.807707071 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.807724953 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.807760000 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.823950052 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.823957920 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.823988914 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.824022055 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.824028969 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.824038029 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.824146032 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.824332952 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.831295967 CEST  49752    443      192.168.2.5      172.217.165.142
Aug 23, 2024 16:52:04.831327915 CEST  443      49752    172.217.165.142  192.168.2.5
Aug 23, 2024 16:52:04.832216978 CEST  49752    443      192.168.2.5      172.217.165.142
Aug 23, 2024 16:52:04.832545996 CEST  49752    443      192.168.2.5      172.217.165.142
Aug 23, 2024 16:52:04.832559109 CEST  443      49752    172.217.165.142  192.168.2.5
Aug 23, 2024 16:52:04.900109053 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.900130033 CEST  443      49748    13.107.246.60    192.168.2.5
Aug 23, 2024 16:52:04.900333881 CEST  49748    443      192.168.2.5      13.107.246.60
Aug 23, 2024 16:52:04.900341988 CEST  443      49748    13.107.246.60    192.168.2.5
                                                                            Aug 23, 2024 16:52:04.900474072 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.901900053 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.901917934 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.901973009 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.901978970 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.902009010 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.902029037 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.927845001 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.927860975 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.928622007 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.928630114 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.928663969 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.928685904 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.990246058 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.990267992 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.990331888 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.990339041 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.990397930 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.991683960 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.991698027 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.992584944 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.992592096 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.992757082 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.993215084 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.993228912 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.993419886 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.993426085 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.993485928 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.994966030 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.994982004 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.995043993 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.995049953 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.995095968 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.996109009 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.996123075 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.996177912 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:04.996182919 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:04.996279001 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.018414974 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.018430948 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.018610954 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.018616915 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.018824100 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.019742966 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.019757032 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.019826889 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.019834042 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.019879103 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.055412054 CEST804975034.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:05.068671942 CEST4975380192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:05.073740005 CEST804975334.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:05.073811054 CEST4975380192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:05.073982954 CEST4975380192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:05.079103947 CEST804975334.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:05.081127882 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.081149101 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.081216097 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.081224918 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.081268072 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.082473993 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.082489967 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.082549095 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.082554102 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.082607031 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.085215092 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.085230112 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.085288048 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.085319042 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.085402966 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.085411072 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.085886002 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.085915089 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.085983992 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.086647034 CEST49748443192.168.2.513.107.246.60
                                                                            Aug 23, 2024 16:52:05.086658001 CEST4434974813.107.246.60192.168.2.5
                                                                            Aug 23, 2024 16:52:05.153532028 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.154030085 CEST49749443192.168.2.5184.28.90.27
                                                                            Aug 23, 2024 16:52:05.155250072 CEST49749443192.168.2.5184.28.90.27
                                                                            Aug 23, 2024 16:52:05.155256033 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.155478001 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.156522036 CEST49749443192.168.2.5184.28.90.27
                                                                            Aug 23, 2024 16:52:05.200498104 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.246846914 CEST4975080192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:05.323795080 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.324029922 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.324059963 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.324428082 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.324506044 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.325067043 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.325119019 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.326467991 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.326546907 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.326620102 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.368501902 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.371016026 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.371022940 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.430048943 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.430113077 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.430164099 CEST49749443192.168.2.5184.28.90.27
                                                                            Aug 23, 2024 16:52:05.430922031 CEST49749443192.168.2.5184.28.90.27
                                                                            Aug 23, 2024 16:52:05.430938005 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.430947065 CEST49749443192.168.2.5184.28.90.27
                                                                            Aug 23, 2024 16:52:05.430953979 CEST44349749184.28.90.27192.168.2.5
                                                                            Aug 23, 2024 16:52:05.437401056 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.437786102 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.437794924 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.438122988 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.438512087 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.438572884 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.438745022 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.470124960 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.470184088 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.470217943 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.470298052 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.470320940 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.470727921 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.470735073 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.470750093 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.470954895 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.471152067 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.471271038 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.471771955 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.474965096 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.475775003 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.475822926 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.476335049 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.480504990 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.495820999 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.537072897 CEST804975334.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:05.545974016 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.546001911 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.546009064 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.546039104 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.546051979 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.546067953 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.554927111 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.554966927 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.558181047 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.558233976 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.558296919 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.558525085 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.558563948 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.558809042 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.558854103 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.559170961 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.559303999 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.559472084 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.560445070 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.570678949 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.570692062 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.585833073 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.590475082 CEST49752443192.168.2.5172.217.165.142
                                                                            Aug 23, 2024 16:52:05.590491056 CEST44349752172.217.165.142192.168.2.5
                                                                            Aug 23, 2024 16:52:05.600917101 CEST4975380192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:05.635859013 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.635878086 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.635907888 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.636029959 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.637749910 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.637763977 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.637784004 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.637816906 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.645996094 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.646015882 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.660821915 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.667570114 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.685225010 CEST49754443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:05.685273886 CEST44349754142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:05.685472012 CEST49755443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:05.685518026 CEST44349755142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:05.685709953 CEST49755443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:05.685714960 CEST49754443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:05.685975075 CEST49755443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:05.685992002 CEST44349755142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:05.686069965 CEST49754443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:05.686081886 CEST44349754142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:05.743699074 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.743731022 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.744128942 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.744214058 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:05.751524925 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.758989096 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.773659945 CEST49751443192.168.2.513.107.246.40
                                                                            Aug 23, 2024 16:52:05.773684025 CEST4434975113.107.246.40192.168.2.5
                                                                            Aug 23, 2024 16:52:06.146322012 CEST44349754142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.146729946 CEST44349755142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.194909096 CEST49754443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.249123096 CEST49755443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.280263901 CEST49755443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.280287027 CEST44349755142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.280375004 CEST49754443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.280392885 CEST44349754142.250.65.174192.168.2.5
Aug 23, 2024 16:52:06.280786037 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.280797958 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.280898094 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.281486034 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.281604052 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.288636923 CEST | 49755 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.288650036 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.288675070 CEST | 49754 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.288683891 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.291718006 CEST | 49754 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.291788101 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.291846037 CEST | 49755 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.291919947 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.292074919 CEST | 49754 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.292190075 CEST | 49755 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.332505941 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.332505941 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.389566898 CEST | 49754 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.389596939 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.445300102 CEST | 49755 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.445318937 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.464528084 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.465723038 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.466864109 CEST | 49754 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.466869116 CEST | 49755 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.466869116 CEST | 49755 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.467546940 CEST | 49754 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.467569113 CEST | 443 | 49754 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.574264050 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:06.574304104 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:06.574407101 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:06.574589968 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:06.574609995 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:06.781853914 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.781888962 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.782016993 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.782062054 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.782191992 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.782434940 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.782434940 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.782470942 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.782660007 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.782677889 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:06.866020918 CEST | 49755 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:06.866051912 CEST | 443 | 49755 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.206696987 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.206922054 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:07.206948042 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.207990885 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.208055019 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:07.208925009 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:07.208992004 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.209099054 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:07.255286932 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.255536079 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.255557060 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.256074905 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.256145000 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.256504059 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.257194996 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.257247925 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.257416964 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.257494926 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.262737036 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.262948036 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.262969971 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.263348103 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.263417006 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.264054060 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.264115095 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.264228106 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.264293909 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.307636976 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.307672977 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.307698011 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:07.307719946 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.307828903 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.308001041 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.308114052 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:07.309263945 CEST | 49756 | 443 | 192.168.2.5 | 142.251.40.228
Aug 23, 2024 16:52:07.309282064 CEST | 443 | 49756 | 142.251.40.228 | 192.168.2.5
Aug 23, 2024 16:52:07.344036102 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.344060898 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.390928984 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.390955925 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:52:07.400510073 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:07.400543928 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:07.400630951 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:07.400829077 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:07.400841951 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:07.448163986 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:07.491206884 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:52:08.059143066 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.059468985 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.059497118 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.059859037 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.060127020 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.060185909 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.060266972 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.100502014 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.107043982 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.180802107 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.180830956 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.180839062 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.180880070 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.180918932 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.180969954 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.180988073 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.181036949 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.264255047 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.264280081 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.264385939 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.264404058 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.264575005 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.266257048 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.266274929 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.266350031 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.266359091 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.266438007 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.351032019 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.351048946 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.351145983 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.351166964 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.351216078 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.352441072 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.352458000 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.352494955 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.352572918 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:08.352719069 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.352771997 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.353118896 CEST | 49760 | 443 | 192.168.2.5 | 13.107.246.40
Aug 23, 2024 16:52:08.353132963 CEST | 443 | 49760 | 13.107.246.40 | 192.168.2.5
Aug 23, 2024 16:52:11.328294992 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:11.328337908 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:11.330060959 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:11.331073999 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:11.331084967 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:12.112698078 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:12.114917040 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:12.117041111 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:12.117053032 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:12.117314100 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:12.171972990 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:12.971339941 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:13.016494989 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.226979017 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227004051 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227010965 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227050066 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227075100 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227083921 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227185011 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:13.227210045 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227355003 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.227739096 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:13.231899023 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:14.003079891 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:14.003108978 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:14.003122091 CEST | 49761 | 443 | 192.168.2.5 | 20.114.59.183
Aug 23, 2024 16:52:14.003128052 CEST | 443 | 49761 | 20.114.59.183 | 192.168.2.5
Aug 23, 2024 16:52:15.063268900 CEST | 49750 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:52:15.071715117 CEST | 80 | 49750 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:52:15.542584896 CEST | 49753 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:52:15.548263073 CEST | 80 | 49753 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:52:18.838526011 CEST | 443 | 49741 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:18.838614941 CEST | 443 | 49741 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:18.838735104 CEST | 49741 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:18.854794025 CEST | 443 | 49744 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:18.854862928 CEST | 443 | 49744 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:18.854960918 CEST | 49744 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:18.865674019 CEST | 443 | 49743 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:18.865741968 CEST | 443 | 49743 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:18.865911007 CEST | 49743 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:20.942931890 CEST | 49741 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:20.942965031 CEST | 443 | 49741 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:20.942982912 CEST | 49744 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:20.943011045 CEST | 49743 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:20.943023920 CEST | 443 | 49744 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:20.943028927 CEST | 443 | 49743 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:21.048607111 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.048651934 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.048768997 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.048952103 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.048964024 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.609877110 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.610157013 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.610183001 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.611218929 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.611287117 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.612421036 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.612509966 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.612622976 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.659645081 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.659672022 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.712678909 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.712692976 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.712747097 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.712768078 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:21.712954998 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.713658094 CEST | 49768 | 443 | 192.168.2.5 | 152.195.19.97
Aug 23, 2024 16:52:21.713680029 CEST | 443 | 49768 | 152.195.19.97 | 192.168.2.5
Aug 23, 2024 16:52:22.055125952 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.055172920 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.055510044 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.055651903 CEST | 49771 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.055691957 CEST | 443 | 49771 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.055787086 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.055799007 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.055839062 CEST | 49771 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.056051970 CEST | 49771 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.056065083 CEST | 443 | 49771 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.514400005 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.515863895 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.515886068 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.516227961 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.527266026 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.527465105 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.527501106 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.537609100 CEST | 443 | 49771 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.537914038 CEST | 49771 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.537936926 CEST | 443 | 49771 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.538270950 CEST | 443 | 49771 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.538552999 CEST | 49771 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.538618088 CEST | 443 | 49771 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.584530115 CEST | 49771 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.584532022 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.650024891 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.650103092 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:22.650265932 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.650372028 CEST | 49770 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:22.650388956 CEST | 443 | 49770 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:25.090153933 CEST | 49750 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:52:25.095120907 CEST | 80 | 49750 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:52:25.556926966 CEST | 49753 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:52:25.562339067 CEST | 80 | 49753 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:52:32.669533968 CEST | 49773 | 443 | 192.168.2.5 | 34.149.100.209
Aug 23, 2024 16:52:32.669565916 CEST | 443 | 49773 | 34.149.100.209 | 192.168.2.5
Aug 23, 2024 16:52:32.669759035 CEST | 49773 | 443 | 192.168.2.5 | 34.149.100.209
Aug 23, 2024 16:52:32.669908047 CEST | 49773 | 443 | 192.168.2.5 | 34.149.100.209
Aug 23, 2024 16:52:32.669924021 CEST | 443 | 49773 | 34.149.100.209 | 192.168.2.5
Aug 23, 2024 16:52:32.671658993 CEST | 49774 | 443 | 192.168.2.5 | 35.244.181.201
Aug 23, 2024 16:52:32.671694040 CEST | 443 | 49774 | 35.244.181.201 | 192.168.2.5
Aug 23, 2024 16:52:32.671905994 CEST | 49774 | 443 | 192.168.2.5 | 35.244.181.201
Aug 23, 2024 16:52:32.672003031 CEST | 49774 | 443 | 192.168.2.5 | 35.244.181.201
Aug 23, 2024 16:52:32.672017097 CEST | 443 | 49774 | 35.244.181.201 | 192.168.2.5
Aug 23, 2024 16:52:32.695446014 CEST | 49775 | 443 | 192.168.2.5 | 35.190.72.216
Aug 23, 2024 16:52:32.695457935 CEST | 443 | 49775 | 35.190.72.216 | 192.168.2.5
Aug 23, 2024 16:52:32.695679903 CEST | 49775 | 443 | 192.168.2.5 | 35.190.72.216
Aug 23, 2024 16:52:32.697247982 CEST | 49775 | 443 | 192.168.2.5 | 35.190.72.216
                                                                            Aug 23, 2024 16:52:32.697259903 CEST4434977535.190.72.216192.168.2.5
                                                                            Aug 23, 2024 16:52:32.877620935 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:32.877671957 CEST4434977652.222.236.80192.168.2.5
                                                                            Aug 23, 2024 16:52:32.877868891 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:32.877973080 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:32.877985001 CEST4434977652.222.236.80192.168.2.5
                                                                            Aug 23, 2024 16:52:33.150827885 CEST4434977334.149.100.209192.168.2.5
                                                                            Aug 23, 2024 16:52:33.151232004 CEST4434977435.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.151978016 CEST49773443192.168.2.534.149.100.209
                                                                            Aug 23, 2024 16:52:33.152067900 CEST49774443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.155311108 CEST49773443192.168.2.534.149.100.209
                                                                            Aug 23, 2024 16:52:33.155322075 CEST4434977334.149.100.209192.168.2.5
                                                                            Aug 23, 2024 16:52:33.155569077 CEST4434977334.149.100.209192.168.2.5
                                                                            Aug 23, 2024 16:52:33.158310890 CEST49774443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.158334970 CEST4434977435.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.158575058 CEST4434977435.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.158724070 CEST4434977535.190.72.216192.168.2.5
                                                                            Aug 23, 2024 16:52:33.158972025 CEST49775443192.168.2.535.190.72.216
                                                                            Aug 23, 2024 16:52:33.162621021 CEST49773443192.168.2.534.149.100.209
                                                                            Aug 23, 2024 16:52:33.162761927 CEST49773443192.168.2.534.149.100.209
                                                                            Aug 23, 2024 16:52:33.162781000 CEST4434977334.149.100.209192.168.2.5
                                                                            Aug 23, 2024 16:52:33.163165092 CEST49774443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.163213968 CEST49774443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.163315058 CEST4434977435.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.165088892 CEST49773443192.168.2.534.149.100.209
                                                                            Aug 23, 2024 16:52:33.165102959 CEST49774443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.185905933 CEST4975380192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.185966015 CEST4975080192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.191713095 CEST804975334.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:33.191907883 CEST804975034.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:33.193968058 CEST4975380192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.193994999 CEST4975080192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.194202900 CEST49775443192.168.2.535.190.72.216
                                                                            Aug 23, 2024 16:52:33.194217920 CEST4434977535.190.72.216192.168.2.5
                                                                            Aug 23, 2024 16:52:33.194282055 CEST49775443192.168.2.535.190.72.216
                                                                            Aug 23, 2024 16:52:33.194364071 CEST4434977535.190.72.216192.168.2.5
                                                                            Aug 23, 2024 16:52:33.197642088 CEST49775443192.168.2.535.190.72.216
                                                                            Aug 23, 2024 16:52:33.208655119 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.213604927 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:33.213665009 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.213833094 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.218878984 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:33.620794058 CEST4434977652.222.236.80192.168.2.5
                                                                            Aug 23, 2024 16:52:33.620965958 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:33.624298096 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:33.624315023 CEST4434977652.222.236.80192.168.2.5
                                                                            Aug 23, 2024 16:52:33.624620914 CEST4434977652.222.236.80192.168.2.5
                                                                            Aug 23, 2024 16:52:33.626734972 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:33.626847029 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:33.626897097 CEST4434977652.222.236.80192.168.2.5
                                                                            Aug 23, 2024 16:52:33.630062103 CEST49776443192.168.2.552.222.236.80
                                                                            Aug 23, 2024 16:52:33.636084080 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.636116982 CEST4434977835.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.636418104 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.636591911 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.636607885 CEST4434977835.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.645425081 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.645463943 CEST4434978035.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.645548105 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.645585060 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.645618916 CEST4434977935.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.645632029 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.645642996 CEST4434978035.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.645695925 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.645787001 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:33.645800114 CEST4434977935.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:33.738688946 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:33.749151945 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.754544973 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:33.757083893 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.757231951 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:33.764514923 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:33.790200949 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:34.147808075 CEST4434978035.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.147877932 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.148029089 CEST4434977935.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.148601055 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.151400089 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.151415110 CEST4434978035.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.151675940 CEST4434978035.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.153775930 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.153794050 CEST4434977935.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.154017925 CEST4434977935.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.158063889 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.158164024 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.158233881 CEST4434978035.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.159682989 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.159682989 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.159852028 CEST4434977935.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.163408995 CEST49780443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.163422108 CEST49779443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.166074991 CEST4434977835.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.166470051 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:34.171283007 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:34.171320915 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.172293901 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.172305107 CEST4434977835.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.172585011 CEST4434977835.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.175026894 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.175095081 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.175180912 CEST4434977835.244.181.201192.168.2.5
                                                                            Aug 23, 2024 16:52:34.179266930 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.179286957 CEST49778443192.168.2.535.244.181.201
                                                                            Aug 23, 2024 16:52:34.236356020 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:34.269906998 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:34.274924040 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:34.279898882 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:34.312797070 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:34.369651079 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:34.416068077 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:37.446022034 CEST44349771162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:37.446212053 CEST44349771162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:37.446288109 CEST49771443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:44.272705078 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:44.277672052 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:44.372950077 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:44.378391027 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:50.735455036 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:50.735496044 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:50.735590935 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:50.735917091 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:50.735930920 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.547135115 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.547298908 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.550806046 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.550817013 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.551022053 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.560949087 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.608501911 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.893157005 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.893179893 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.893193960 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.893275023 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.893285990 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.893729925 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.893769979 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.895520926 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.895528078 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.895603895 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.896514893 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.896559000 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.897181988 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.897202015 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.897212982 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.897218943 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:51.897685051 CEST49783443192.168.2.520.114.59.183
                                                                            Aug 23, 2024 16:52:51.897687912 CEST4434978320.114.59.183192.168.2.5
                                                                            Aug 23, 2024 16:52:52.352436066 CEST49758443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:52.352459908 CEST44349758142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:52.397711992 CEST49759443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:52.397746086 CEST44349759142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:54.282077074 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:54.286957026 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:54.382378101 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:52:54.388313055 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:52:56.461241007 CEST49771443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:56.461276054 CEST44349771162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:03.294400930 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.294428110 CEST4434978534.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.294487953 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.294583082 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.294589996 CEST4434978534.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.608808994 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.608851910 CEST4434978634.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.608944893 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.609045029 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.609055996 CEST4434978634.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.754726887 CEST4434978534.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.754842997 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.758179903 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.758188009 CEST4434978534.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.758424044 CEST4434978534.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.760941029 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.761032104 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.761095047 CEST4434978534.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:03.761189938 CEST49785443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:03.845897913 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:53:03.851807117 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:53:03.954351902 CEST804977734.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:53:04.002409935 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:53:04.073947906 CEST4434978634.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:04.074045897 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:04.076845884 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:04.076853991 CEST4434978634.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:04.077096939 CEST4434978634.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:04.079010963 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:04.079107046 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:04.079161882 CEST4434978634.120.208.123192.168.2.5
                                                                            Aug 23, 2024 16:53:04.079222918 CEST49786443192.168.2.534.120.208.123
                                                                            Aug 23, 2024 16:53:04.218138933 CEST4978180192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:53:04.223072052 CEST804978134.107.221.82192.168.2.5
                                                                            Aug 23, 2024 16:53:04.245309114 CEST4977780192.168.2.534.107.221.82
                                                                            Aug 23, 2024 16:53:04.250471115 CEST804977734.107.221.82192.168.2.5
Aug 23, 2024 16:53:04.312402964 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:04.346616983 CEST | 80 | 49777 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:04.358432055 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:04.397078037 CEST | 49777 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:04.490492105 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:04.495352983 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:04.585160017 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:04.632330894 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:14.359524012 CEST | 49777 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:14.364963055 CEST | 80 | 49777 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:14.589173079 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:14.594002962 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:24.370317936 CEST | 49777 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:24.518601894 CEST | 80 | 49777 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:24.607357979 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:24.612411976 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:34.535794020 CEST | 49777 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:34.540813923 CEST | 80 | 49777 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:34.620465040 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:34.625514984 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:37.360405922 CEST | 49758 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:53:37.360424042 CEST | 443 | 49758 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:53:37.413914919 CEST | 49759 | 443 | 192.168.2.5 | 142.250.65.174
Aug 23, 2024 16:53:37.413974047 CEST | 443 | 49759 | 142.250.65.174 | 192.168.2.5
Aug 23, 2024 16:53:44.540935040 CEST | 49777 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:44.546040058 CEST | 80 | 49777 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:44.632920980 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:44.639902115 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:54.557885885 CEST | 49777 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:54.562671900 CEST | 80 | 49777 | 34.107.221.82 | 192.168.2.5
Aug 23, 2024 16:53:54.642544031 CEST | 49781 | 80 | 192.168.2.5 | 34.107.221.82
Aug 23, 2024 16:53:54.647399902 CEST | 80 | 49781 | 34.107.221.82 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 23, 2024 16:51:56.637790918 CEST | 53 | 52302 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:51:57.832642078 CEST | 58308 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:51:57.833055973 CEST | 49586 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:51:59.798131943 CEST | 53 | 50305 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:00.118465900 CEST | 53 | 58985 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:00.343029022 CEST | 57799 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:00.343029976 CEST | 62822 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:00.349783897 CEST | 53 | 57799 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:00.350898027 CEST | 53 | 62822 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:01.490533113 CEST | 64795 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:01.490662098 CEST | 52521 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:01.491455078 CEST | 49335 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:01.491703033 CEST | 58961 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:01.498867989 CEST | 52498 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:01.499105930 CEST | 53 | 58961 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:01.499145985 CEST | 53 | 52521 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:01.499203920 CEST | 62251 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:01.499835968 CEST | 53 | 49335 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:01.499922991 CEST | 53 | 64795 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:01.506804943 CEST | 53 | 62251 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:01.507114887 CEST | 53 | 52498 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:02.930669069 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.232511997 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.764381886 CEST | 63204 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:03.772826910 CEST | 53 | 63204 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:03.774830103 CEST | 56892 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:03.782324076 CEST | 53 | 56892 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:03.836756945 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.931471109 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:03.931787968 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:03.932243109 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:03.932455063 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:03.932661057 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.932800055 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:03.934854031 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.936554909 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.941082001 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:03.947335958 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.963578939 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:03.967226982 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.036108971 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.036367893 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.036905050 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.037251949 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.040054083 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.041625977 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.041693926 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.042298079 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.043451071 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.046314001 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.050390005 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.054379940 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.054471016 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.102302074 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.102313995 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.102335930 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.102345943 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.103151083 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.104077101 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105139017 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105319023 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105331898 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105437040 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105556965 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105566025 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105654955 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105760098 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105835915 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.105849981 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.141731024 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.182096958 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.548703909 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.553335905 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.555145979 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.555274010 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.555393934 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.556124926 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556639910 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556658030 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556678057 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556704044 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556723118 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556736946 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556782007 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.556792021 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.568149090 CEST | 53018 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:04.576575994 CEST | 59974 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:04.584567070 CEST | 53 | 59974 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:04.586452961 CEST | 63309 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:04.594032049 CEST | 53 | 63309 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:04.651233912 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.651302099 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.651310921 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.651319027 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.651879072 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.652935028 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.653405905 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.655288935 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.655338049 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.655457973 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.655766010 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.655841112 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.656469107 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.656599998 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.658271074 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.660689116 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.660854101 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.664108992 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.666347980 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.666595936 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.669089079 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.669100046 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.669807911 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.669950962 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.673199892 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.673222065 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.673937082 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.678128004 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.678168058 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.679419994 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.680370092 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.680627108 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.705326080 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.705605984 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.705893040 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:04.706073999 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.706284046 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.731760979 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.731868982 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.736397982 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.742661953 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.756366014 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.759166956 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.760426044 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.760629892 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.766586065 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.775353909 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.804601908 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:04.826129913 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.827867985 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.828069925 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.828881025 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.828910112 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.830761909 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.830849886 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.831671000 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.833174944 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.836853027 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.837049961 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:04.837646008 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:04.838943958 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:04.839174032 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:04.848551035 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.848563910 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.848644018 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.848653078 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:04.849210024 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:05.056499004 CEST | 61544 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:05.059711933 CEST | 64141 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:05.060934067 CEST | 57626 | 53 | 192.168.2.5 | 1.1.1.1
Aug 23, 2024 16:52:05.063329935 CEST | 53 | 61544 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:05.067074060 CEST | 53 | 64141 | 1.1.1.1 | 192.168.2.5
Aug 23, 2024 16:52:05.313832998 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.314404964 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.314416885 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.314428091 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.314515114 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.314703941 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.315284967 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.315486908 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.420063019 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.420083046 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.420383930 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.420634985 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.449095964 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.471553087 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.471646070 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.471731901 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.475150108 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.476835966 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.476938009 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.477096081 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.477340937 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.515810966 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.523253918 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:05.525072098 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:05.576634884 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:05.576939106 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:05.580851078 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.620162010 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:05.621057987 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:05.621104956 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:05.621191978 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:05.633799076 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:05.633861065 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:05.674751997 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.679385900 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:05.680223942 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:05.680321932 CEST | 443 | 58289 | 162.159.61.3 | 192.168.2.5
Aug 23, 2024 16:52:05.684447050 CEST | 58289 | 443 | 192.168.2.5 | 162.159.61.3
Aug 23, 2024 16:52:05.752919912 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:05.778378010 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.840780973 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:05.940903902 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:05.970892906 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:06.124353886 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:06.280033112 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:06.280107021 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:06.326237917 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:06.326276064 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:06.335158110 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
Aug 23, 2024 16:52:06.421495914 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:06.424643993 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:06.424685955 CEST | 443 | 61162 | 142.250.80.99 | 192.168.2.5
Aug 23, 2024 16:52:06.428834915 CEST | 61162 | 443 | 192.168.2.5 | 142.250.80.99
Aug 23, 2024 16:52:06.462954998 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:06.463082075 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:06.463093996 CEST | 443 | 65512 | 172.253.62.84 | 192.168.2.5
Aug 23, 2024 16:52:06.467957973 CEST | 65512 | 443 | 192.168.2.5 | 172.253.62.84
                                                                            Aug 23, 2024 16:52:06.468044996 CEST65512443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:52:06.468146086 CEST61162443192.168.2.5142.250.80.99
                                                                            Aug 23, 2024 16:52:06.469934940 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.470094919 CEST65512443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:52:06.472229004 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:06.472326994 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:06.554522991 CEST44361162142.250.80.99192.168.2.5
                                                                            Aug 23, 2024 16:52:06.572180986 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:06.573175907 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:06.573669910 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:06.573862076 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:06.574018955 CEST44365512172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:52:06.622867107 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:06.622966051 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:06.736639977 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:06.736656904 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:06.736668110 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:06.737482071 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:06.781526089 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.923270941 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.923293114 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.923768044 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.926961899 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.927038908 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.927050114 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.927174091 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:06.927432060 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.927855015 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.929198980 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.929349899 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.929765940 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.929785013 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:06.943285942 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:07.047007084 CEST65512443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:52:07.198748112 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.198862076 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.198873043 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.199100971 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.199177027 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.199188948 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.199263096 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.199275017 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.200079918 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:07.200212955 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:07.200324059 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:07.200489044 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:07.243880987 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:07.280544996 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.280770063 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:07.298772097 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:07.324575901 CEST44365512172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:52:07.359730959 CEST65512443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:52:07.371361017 CEST44365512172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:52:07.372060061 CEST65512443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:52:07.372159004 CEST44365512172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:52:07.372268915 CEST44365512172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:52:07.373631954 CEST65512443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:52:07.501749039 CEST44365512172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:52:14.035006046 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:14.035063982 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:14.131112099 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:14.170913935 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:14.239984035 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:14.240492105 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:14.242160082 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:14.278419018 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:14.361191988 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:20.943613052 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:20.943746090 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:21.044190884 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:21.047343016 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:21.047421932 CEST44358289162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:21.048047066 CEST58289443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.054233074 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.366473913 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.518274069 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.518321037 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.520087004 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.520308018 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.520342112 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.520376921 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.526863098 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.528342009 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.528436899 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.528697014 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.624804974 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.624855042 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.624882936 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.624914885 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.624943972 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.625376940 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.625458002 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.650857925 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:22.748109102 CEST44355430162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:52:22.785377026 CEST55430443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:52:32.661093950 CEST6282653192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.668615103 CEST53628261.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:32.669639111 CEST5653453192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.671854973 CEST5275953192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.677511930 CEST53565341.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:32.678071022 CEST5616553192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.679042101 CEST53527591.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:32.679500103 CEST5093553192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.686530113 CEST53561651.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:32.686634064 CEST53509351.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:32.866210938 CEST5125253192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.874162912 CEST53512521.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:32.878331900 CEST4986553192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.886349916 CEST53498651.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:32.886957884 CEST6236153192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:52:32.895723104 CEST53623611.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:52:36.335674047 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:36.457798004 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:36.502178907 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:36.512684107 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:36.512949944 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:36.514430046 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:52:36.549032927 CEST55393443192.168.2.5142.250.65.174
                                                                            Aug 23, 2024 16:52:36.636370897 CEST44355393142.250.65.174192.168.2.5
                                                                            Aug 23, 2024 16:53:00.857705116 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:00.857836008 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:00.858102083 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:00.858211994 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:01.313049078 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.313646078 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:01.349481106 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:01.412534952 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.412548065 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.412556887 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.412566900 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.413028002 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:01.413100004 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:01.508810043 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.509387970 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:01.608870029 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.608897924 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.609673977 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:01.656049967 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:01.657502890 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:01.972815037 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:02.123650074 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.124469995 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.124571085 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.124583006 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.124876976 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.125050068 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:02.127234936 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:02.127517939 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:02.127620935 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:02.273804903 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.273821115 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.273907900 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.273919106 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.273926973 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:02.276629925 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:02.276725054 CEST58449443192.168.2.523.57.90.146
                                                                            Aug 23, 2024 16:53:02.380479097 CEST4435844923.57.90.146192.168.2.5
                                                                            Aug 23, 2024 16:53:03.294615984 CEST5127653192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:53:03.301475048 CEST53512761.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:53:03.301991940 CEST5933253192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:53:03.309674978 CEST53593321.1.1.1192.168.2.5
                                                                            Aug 23, 2024 16:53:03.846972942 CEST5991953192.168.2.51.1.1.1
                                                                            Aug 23, 2024 16:53:04.037879944 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.038094997 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.038496971 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.495831013 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.495871067 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.495882988 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.495891094 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.496437073 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.496515036 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.496737957 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.496865034 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.541603088 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.541702986 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.541712999 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.542186022 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.579226017 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.598320007 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:04.632622004 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:04.644076109 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:06.385984898 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:06.386100054 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:06.483181000 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:06.484561920 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:06.485074997 CEST44349661162.159.61.3192.168.2.5
                                                                            Aug 23, 2024 16:53:06.485415936 CEST49661443192.168.2.5162.159.61.3
                                                                            Aug 23, 2024 16:53:07.049082041 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:07.184468985 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:07.222696066 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:07.222709894 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:07.222722054 CEST44354142172.253.62.84192.168.2.5
                                                                            Aug 23, 2024 16:53:07.223017931 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:07.223186970 CEST54142443192.168.2.5172.253.62.84
                                                                            Aug 23, 2024 16:53:07.255357027 CEST54142443192.168.2.5172.253.62.84
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Aug 23, 2024 16:52:03.456048012 CEST | 192.168.2.5 | 1.1.1.1 | c354 | (Port unreachable) | Destination Unreachable
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49750 | 34.107.221.82 | 80 | 5772 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Aug 23, 2024 16:52:04.581505060 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Aug 23, 2024 16:52:05.055412054 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 22 Aug 2024 17:32:11 GMT
Age: 76794
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 23, 2024 16:52:15.063268900 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:52:25.090153933 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49753 | 34.107.221.82 | 80 | 5772 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Aug 23, 2024 16:52:05.073982954 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Aug 23, 2024 16:52:05.537072897 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 22 Aug 2024 20:26:48 GMT
Age: 66317
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Aug 23, 2024 16:52:15.542584896 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:52:25.556926966 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49777 | 34.107.221.82 | 80 | 5772 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Aug 23, 2024 16:52:33.213833094 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Aug 23, 2024 16:52:33.738688946 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 22 Aug 2024 16:11:10 GMT
Age: 81683
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 23, 2024 16:52:34.166470051 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Aug 23, 2024 16:52:34.269906998 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 22 Aug 2024 16:11:10 GMT
Age: 81684
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 23, 2024 16:52:44.272705078 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:52:54.282077074 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:03.845897913 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Aug 23, 2024 16:53:03.954351902 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 22 Aug 2024 16:11:10 GMT
Age: 81713
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 23, 2024 16:53:04.245309114 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Aug 23, 2024 16:53:04.346616983 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 22 Aug 2024 16:11:10 GMT
Age: 81714
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 23, 2024 16:53:14.359524012 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:24.370317936 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:34.535794020 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:44.540935040 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:54.557885885 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49781 | 34.107.221.82 | 80 | 5772 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Aug 23, 2024 16:52:33.757231951 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Aug 23, 2024 16:52:34.236356020 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 22 Aug 2024 20:26:48 GMT
Age: 66346
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Aug 23, 2024 16:52:34.274924040 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Aug 23, 2024 16:52:34.369651079 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 22 Aug 2024 20:26:48 GMT
Age: 66346
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Aug 23, 2024 16:52:44.372950077 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:52:54.382378101 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:04.218138933 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Aug 23, 2024 16:53:04.312402964 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 22 Aug 2024 20:26:48 GMT
Age: 66376
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Aug 23, 2024 16:53:04.490492105 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Aug 23, 2024 16:53:04.585160017 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 22 Aug 2024 20:26:48 GMT
Age: 66376
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Aug 23, 2024 16:53:14.589173079 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:24.607357979 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:34.620465040 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:44.632920980 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 23, 2024 16:53:54.642544031 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49707 | 94.245.104.56 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:51:57 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
Host: api.edgeoffer.microsoft.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-23 14:51:57 UTC | 584 | IN | HTTP/1.1 200 OK
Content-Length: 0
Connection: close
Content-Type: application/x-protobuf; charset=utf-8
Date: Fri, 23 Aug 2024 14:51:57 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ARRAffinity=52cb62858326a60082c1a9b9d6f17d792dabf0192954a295e2b547fc95c60a27;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
Set-Cookie: ARRAffinitySameSite=52cb62858326a60082c1a9b9d6f17d792dabf0192954a295e2b547fc95c60a27;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
X-Powered-By: ASP.NET
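
The next session (session 1, attributed by the report to msedge.exe, PID 7800, fetching a .crx from clients2.googleusercontent.com) returns a body that starts with the bytes 43 72 32 34 03 00 00 00, the "Cr24" magic and version 3 of the CRX container used for Chrome and Edge extension packages. That makes it browser background activity rather than traffic from file.exe, but the bytes are a good worked case for reading the format. The following Python is an added example and is not part of the Joe Sandbox report or of any tool it references: it parses the fixed header and the start of the first signature proof from the 55 bytes the hex dump shows (protobuf framing from crx3.proto, then the DER SubjectPublicKeyInfo), and it shows how an extension ID is derived from a full public key. The report truncates the dump, so the complete 294-byte key is not on the page; the ID derivation is therefore run on a constructed placeholder key instead of being checked against the ID in the request URL.

```python
"""Added example (not from the Joe Sandbox report): parse the CRX3 header that
starts the response body in session 1 and decode its first key proof."""
import hashlib
import struct

# First 55 bytes of the response body, copied from the report's "Data Raw" hex
# dump of session 1. The dump is truncated, so only the start of the 294-byte
# SubjectPublicKeyInfo is available here.
CRX_HEAD = bytes.fromhex(
    "43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 "
    "30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 "
    "01 0a 02 82 01 01 00 9c 5e d1 18"
)


def read_varint(buf, pos):
    """Protobuf base-128 varint at buf[pos]; returns (value, next_pos)."""
    value, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7


def der_length(buf, pos):
    """DER length field (short or long form) at buf[pos]; returns (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def expect_tag(buf, pos, tag, what):
    """Consume one tag byte or raise with the offset at which parsing failed."""
    if buf[pos] != tag:
        raise ValueError(f"expected {what} (0x{tag:02x}) at offset {pos}, got 0x{buf[pos]:02x}")
    return pos + 1


def decode_oid(raw):
    """Decode DER OID content bytes into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_crx3_head(buf):
    """Parse the CRX3 fixed header and the start of the first sha256_with_rsa proof.

    Layout (crx3.proto): "Cr24" | uint32 version | uint32 header_len | CrxFileHeader
    protobuf. Its field 2 is an AsymmetricKeyProof whose field 1 (public_key) is a
    DER SubjectPublicKeyInfo and whose field 2 is the signature.
    """
    if buf[:4] != b"Cr24":
        raise ValueError("not a CRX file: bad magic")
    version, header_len = struct.unpack_from("<II", buf, 4)
    if version != 3:
        raise ValueError(f"unsupported CRX version {version}")
    pos = expect_tag(buf, 12, 0x12, "sha256_with_rsa proof (protobuf field 2)")
    proof_len, pos = read_varint(buf, pos)
    pos = expect_tag(buf, pos, 0x0A, "public_key (protobuf field 1)")
    spki_len, pos = read_varint(buf, pos)
    # SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }
    pos = expect_tag(buf, pos, 0x30, "SubjectPublicKeyInfo SEQUENCE")
    _, pos = der_length(buf, pos)
    pos = expect_tag(buf, pos, 0x30, "AlgorithmIdentifier SEQUENCE")
    alg_len, pos = der_length(buf, pos)
    alg_end = pos + alg_len
    pos = expect_tag(buf, pos, 0x06, "algorithm OID")
    oid_len, pos = der_length(buf, pos)
    algorithm_oid = decode_oid(buf[pos:pos + oid_len])
    pos = alg_end  # skip the NULL parameters that follow the OID
    pos = expect_tag(buf, pos, 0x03, "subjectPublicKey BIT STRING")
    _, pos = der_length(buf, pos)
    pos += 1  # unused-bits count
    # RSAPublicKey ::= SEQUENCE { INTEGER modulus, INTEGER publicExponent }
    pos = expect_tag(buf, pos, 0x30, "RSAPublicKey SEQUENCE")
    _, pos = der_length(buf, pos)
    pos = expect_tag(buf, pos, 0x02, "modulus INTEGER")
    mod_len, pos = der_length(buf, pos)
    # A leading 0x00 only keeps the DER integer positive; it is not key material.
    modulus_bits = (mod_len - 1 if buf[pos] == 0 else mod_len) * 8
    return {"version": version, "header_len": header_len, "proof_len": proof_len,
            "spki_len": spki_len, "algorithm_oid": algorithm_oid,
            "modulus_bits": modulus_bits}


def crx_id_from_spki(spki):
    """Extension ID: first 16 bytes of SHA-256(SPKI), each hex digit mapped to a-p."""
    digest = hashlib.sha256(spki).hexdigest()[:32]
    return "".join(chr(ord("a") + int(c, 16)) for c in digest)


if __name__ == "__main__":
    print(parse_crx3_head(CRX_HEAD))
    # Constructed placeholder: the page does not carry the full 294-byte SPKI.
    print(crx_id_from_spki(b"\x00" * 294))
```

On the bytes from the dump the parser reports version 3, a 5608-byte header, a first proof of 556 bytes, a 294-byte SubjectPublicKeyInfo, algorithm OID 1.2.840.113549.1.1.1 (rsaEncryption) and a 2048-bit modulus. The header is much longer than one proof, so further proofs and the signed header data follow in bytes the truncated dump does not show.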


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49726 | 142.250.184.193 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-23 14:52:01 UTC | 594 | OUT | GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-08-23 14:52:01 UTC | 572 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 135751
X-GUploader-UploadID: AHxI1nP4Uq7ym029o9g0gC5fDAtfw-xCJjGzKz6hI_6xke6av19xRBqcyBfTQc29euaGs8wt0r_5tgeeow
X-Goog-Hash: crc32c=IDdmTg==
Server: UploadServer
Date: Fri, 23 Aug 2024 14:27:46 GMT
Expires: Sat, 23 Aug 2025 14:27:46 GMT
Cache-Control: public, max-age=31536000
Age: 1455
Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-08-23 14:52:01 UTC | 818 | IN | Data Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-08-23 14:52:01 UTC | 1390 | IN | Data Raw: c7 0f 59 dd ca cf cb 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9
Data Ascii: Y0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.|ws+LT>&&Pjanss9ga:SY>
2024-08-23 14:52:01 UTC | 1390 | IN | Data Raw: 78 c3 9a 50 64 5d fb 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba
Data Ascii: xPd]DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z|pQ"k<`ZT|uKC1Yg4ewW
2024-08-23 14:52:01 UTC | 1390 | IN | Data Raw: 73 4a e4 91 70 9d a3 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14
Data Ascii: sJp:fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b|wt7nvtD<C}|7e^m?<F\p2uB<Yx9"AI3\[s5y~
2024-08-23 14:52:01 UTC | 1390 | IN | Data Raw: f0 77 67 86 f4 73 f4 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67
Data Ascii: wgs9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:g
2024-08-23 14:52:01 UTC | 1390 | IN | Data Raw: 15 00 a4 81 86 68 ad 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54
                                                                            Data Ascii: h3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T
                                                                            2024-08-23 14:52:01 UTC1390INData Raw: 8e 2c ba 65 e8 66 34 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d
                                                                            Data Ascii: ,ef4=%2n$hgffa,_@uYk|9.Y1+x8aBP|*].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=e*ZkLS65mj}0"$M
                                                                            2024-08-23 14:52:01 UTC1390INData Raw: ec fa 62 d7 ae 70 87 c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83
                                                                            Data Ascii: bpnh"|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF|V1lvgf&3]1g>Lc(s.u
                                                                            2024-08-23 14:52:01 UTC1390INData Raw: d6 22 50 e1 7c 45 1a 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d
                                                                            Data Ascii: "P|E'3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=
                                                                            2024-08-23 14:52:01 UTC1390INData Raw: 57 c1 ef e1 60 9a 5e 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf
                                                                            Data Ascii: W`^N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gOD


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            2 | 192.168.2.5 | 49734 | 162.159.61.3 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                            Host: chrome.cloudflare-dns.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 128
                                                                            Accept: application/dns-message
                                                                            Accept-Language: *
                                                                            User-Agent: Chrome
                                                                            Accept-Encoding: identity
                                                                            Content-Type: application/dns-message
                                                                            2024-08-23 14:52:02 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: wwwgstaticcom)TP
                                                                            2024-08-23 14:52:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                            Server: cloudflare
                                                                            Date: Fri, 23 Aug 2024 14:52:02 GMT
                                                                            Content-Type: application/dns-message
                                                                            Connection: close
                                                                            Access-Control-Allow-Origin: *
                                                                            Content-Length: 468
                                                                            CF-RAY: 8b7bec90ed5042e6-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            2024-08-23 14:52:02 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f9 00 04 8e fa 40 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: wwwgstaticcom@C)


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            3 | 192.168.2.5 | 49733 | 162.159.61.3 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                            Host: chrome.cloudflare-dns.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 128
                                                                            Accept: application/dns-message
                                                                            Accept-Language: *
                                                                            User-Agent: Chrome
                                                                            Accept-Encoding: identity
                                                                            Content-Type: application/dns-message
                                                                            2024-08-23 14:52:02 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: wwwgstaticcom)TP
                                                                            2024-08-23 14:52:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                            Server: cloudflare
                                                                            Date: Fri, 23 Aug 2024 14:52:02 GMT
                                                                            Content-Type: application/dns-message
                                                                            Connection: close
                                                                            Access-Control-Allow-Origin: *
                                                                            Content-Length: 468
                                                                            CF-RAY: 8b7bec90f8bf7d24-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            2024-08-23 14:52:02 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 ca 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: wwwgstaticcom))


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            4 | 192.168.2.5 | 49735 | 172.64.41.3 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                            Host: chrome.cloudflare-dns.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 128
                                                                            Accept: application/dns-message
                                                                            Accept-Language: *
                                                                            User-Agent: Chrome
                                                                            Accept-Encoding: identity
                                                                            Content-Type: application/dns-message
                                                                            2024-08-23 14:52:02 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: wwwgstaticcom)TP
                                                                            2024-08-23 14:52:02 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                            Server: cloudflare
                                                                            Date: Fri, 23 Aug 2024 14:52:02 GMT
                                                                            Content-Type: application/dns-message
                                                                            Connection: close
                                                                            Access-Control-Allow-Origin: *
                                                                            Content-Length: 468
                                                                            CF-RAY: 8b7bec910fc65e60-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            2024-08-23 14:52:02 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 d2 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: wwwgstaticcomA)


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            5 | 192.168.2.5 | 49740 | 162.159.61.3 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                            Host: chrome.cloudflare-dns.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 128
                                                                            Accept: application/dns-message
                                                                            Accept-Language: *
                                                                            User-Agent: Chrome
                                                                            Accept-Encoding: identity
                                                                            Content-Type: application/dns-message
                                                                            2024-08-23 14:52:03 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 10 6d 73 65 64 67 65 65 78 74 65 6e 73 69 6f 6e 73 02 73 66 03 74 6c 75 02 64 6c 08 64 65 6c 69 76 65 72 79 02 6d 70 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 2f 00 0c 00 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: msedgeextensionssftludldeliverympmicrosoftcom)/+


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            6 | 192.168.2.5 | 49739 | 162.159.61.3 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                            Host: chrome.cloudflare-dns.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 128
                                                                            Accept: application/dns-message
                                                                            Accept-Language: *
                                                                            User-Agent: Chrome
                                                                            Accept-Encoding: identity
                                                                            Content-Type: application/dns-message
                                                                            2024-08-23 14:52:03 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 10 6d 73 65 64 67 65 65 78 74 65 6e 73 69 6f 6e 73 02 73 66 03 74 6c 75 02 64 6c 08 64 65 6c 69 76 65 72 79 02 6d 70 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 2f 00 0c 00 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: msedgeextensionssftludldeliverympmicrosoftcomA)/+


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            7 | 192.168.2.5 | 49742 | 162.159.61.3 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                            Host: chrome.cloudflare-dns.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 128
                                                                            Accept: application/dns-message
                                                                            Accept-Language: *
                                                                            User-Agent: Chrome
                                                                            Accept-Encoding: identity
                                                                            Content-Type: application/dns-message
                                                                            2024-08-23 14:52:03 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 10 65 64 67 65 61 73 73 65 74 73 65 72 76 69 63 65 09 61 7a 75 72 65 65 64 67 65 03 6e 65 74 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 45 00 0c 00 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: edgeassetserviceazureedgenet)EA


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            8 | 192.168.2.5 | 49745 | 184.28.90.27 | 443 | |
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:04 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            Accept-Encoding: identity
                                                                            User-Agent: Microsoft BITS/7.8
                                                                            Host: fs.microsoft.com
                                                                            2024-08-23 14:52:04 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                            Content-Type: application/octet-stream
                                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                            Server: ECAcc (lpl/EF70)
                                                                            X-CID: 11
                                                                            X-Ms-ApiVersion: Distribute 1.2
                                                                            X-Ms-Region: prod-weu-z1
                                                                            Cache-Control: public, max-age=179616
                                                                            Date: Fri, 23 Aug 2024 14:52:04 GMT
                                                                            Connection: close
                                                                            X-CID: 2


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            9 | 192.168.2.5 | 49748 | 13.107.246.60 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:04 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                            Host: edgeassetservice.azureedge.net
                                                                            Connection: keep-alive
                                                                            Edge-Asset-Group: Shoreline
                                                                            Sec-Fetch-Site: none
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: empty
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                            2024-08-23 14:52:04 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                            Date: Fri, 23 Aug 2024 14:52:04 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 306698
                                                                            Connection: close
                                                                            Content-Encoding: gzip
                                                                            Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                            ETag: 0x8DBC9B5C40EBFF4
                                                                            x-ms-request-id: 0b207006-b01e-0057-575f-f5818a000000
                                                                            x-ms-version: 2009-09-19
                                                                            x-ms-lease-status: unlocked
                                                                            x-ms-blob-type: BlockBlob
                                                                            x-azure-ref: 20240823T145204Z-15c77d89844s74b6f00rmfgxs00000000cxg00000000eggv
                                                                            Cache-Control: public, max-age=604800
                                                                            x-fd-int-roxy-purgeid: 0
                                                                            X-Cache: TCP_HIT
                                                                            X-Cache-Info: L1_T2
                                                                            Accept-Ranges: bytes


                                                                             Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                             10          192.168.2.5  49749        184.28.90.27    443
                                                                             Timestamp                Bytes transferred  Direction  Data
                                                                             2024-08-23 14:52:05 UTC  239                OUT        GET /fs/windows/config.json HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            Accept-Encoding: identity
                                                                            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                            Range: bytes=0-2147483646
                                                                            User-Agent: Microsoft BITS/7.8
                                                                            Host: fs.microsoft.com
                                                                             2024-08-23 14:52:05 UTC  515                IN         HTTP/1.1 200 OK
                                                                            ApiVersion: Distribute 1.1
                                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                            Content-Type: application/octet-stream
                                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                            Server: ECAcc (lpl/EF06)
                                                                            X-CID: 11
                                                                            X-Ms-ApiVersion: Distribute 1.2
                                                                            X-Ms-Region: prod-weu-z1
                                                                            Cache-Control: public, max-age=179590
                                                                            Date: Fri, 23 Aug 2024 14:52:05 GMT
                                                                            Content-Length: 55
                                                                            Connection: close
                                                                            X-CID: 2
                                                                             2024-08-23 14:52:05 UTC  55                 IN         Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                             Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                             Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                             11          192.168.2.5  49752        172.217.165.142  443               7800  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                             Timestamp                Bytes transferred  Direction  Data
                                                                             2024-08-23 14:52:05 UTC  1079               OUT        GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=867400062&timestamp=1724424724067 HTTP/1.1
                                                                            Host: accounts.youtube.com
                                                                            Connection: keep-alive
                                                                            sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                            sec-ch-ua-mobile: ?0
                                                                            sec-ch-ua-full-version: "117.0.5938.132"
                                                                            sec-ch-ua-arch: "x86"
                                                                            sec-ch-ua-platform: "Windows"
                                                                            sec-ch-ua-platform-version: "10.0.0"
                                                                            sec-ch-ua-model: ""
                                                                            sec-ch-ua-bitness: "64"
                                                                            sec-ch-ua-wow64: ?0
                                                                            sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                            Upgrade-Insecure-Requests: 1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Sec-Fetch-Site: cross-site
                                                                            Sec-Fetch-Mode: navigate
                                                                            Sec-Fetch-Dest: iframe
                                                                            Referer: https://accounts.google.com/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                             2024-08-23 14:52:05 UTC  1962               IN         HTTP/1.1 200 OK
                                                                            Content-Type: text/html; charset=utf-8
                                                                            X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                                            Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-fScIkUS3KNuRN-7Db7t8sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                                            Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Fri, 23 Aug 2024 14:52:05 GMT
                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjMtDikmLw0ZBikPj6kkkNiJ3SZ7AGAHHSv_OsBUC8JOIi64HEi6yXuy-xXgdiIR6OqUcWbWMTaPjUt59RSS8pvzA-MyU1rySzpDIlPzcxMy85Pz87M7W4OLWoLLUo3sjAyMTAwtBCz8AivsAAAJK7Ku0"
                                                                            Server: ESF
                                                                            X-XSS-Protection: 0
                                                                            X-Content-Type-Options: nosniff
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Accept-Ranges: none
                                                                            Vary: Accept-Encoding
                                                                            Connection: close
                                                                            Transfer-Encoding: chunked


                                                                             Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                             12          192.168.2.5  49751        13.107.246.40   443               7800  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                             Timestamp                Bytes transferred  Direction  Data
                                                                             2024-08-23 14:52:05 UTC  711                OUT        GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                            Host: edgeassetservice.azureedge.net
                                                                            Connection: keep-alive
                                                                            Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                            Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                            Sec-Mesh-Client-Edge-Channel: stable
                                                                            Sec-Mesh-Client-OS: Windows
                                                                            Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                            Sec-Mesh-Client-Arch: x86_64
                                                                            Sec-Mesh-Client-WebView: 0
                                                                            Sec-Fetch-Site: none
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: empty
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                            2024-08-23 14:52:05 UTC | 583               | IN        | HTTP/1.1 200 OK
                                                                            Date: Fri, 23 Aug 2024 14:52:05 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 70207
                                                                            Connection: close
                                                                            Content-Encoding: gzip
                                                                            Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                            ETag: 0x8DCB31E67C22927
                                                                            x-ms-request-id: ea88565b-f01e-003d-6c06-f5dd21000000
                                                                            x-ms-version: 2009-09-19
                                                                            x-ms-lease-status: unlocked
                                                                            x-ms-blob-type: BlockBlob
                                                                            x-azure-ref: 20240823T145205Z-15c77d89844jh4r89gcr6c8dc800000000wg0000000079ww
                                                                            Cache-Control: public, max-age=604800
                                                                            x-fd-int-roxy-purgeid: 69316365
                                                                            X-Cache: TCP_HIT
                                                                            X-Cache-Info: L1_T2
                                                                            Accept-Ranges: bytes


                                                                            Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                            13         | 192.168.2.5 | 49754       | 142.250.65.174 | 443              | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp               | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:06 UTC | 561               | OUT       | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                            Host: play.google.com
                                                                            Connection: keep-alive
                                                                            Accept: */*
                                                                            Access-Control-Request-Method: POST
                                                                            Access-Control-Request-Headers: x-goog-authuser
                                                                            Origin: https://accounts.google.com
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Sec-Fetch-Mode: cors
                                                                            Sec-Fetch-Site: same-site
                                                                            Sec-Fetch-Dest: empty
                                                                            Referer: https://accounts.google.com/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                            2024-08-23 14:52:06 UTC | 520               | IN        | HTTP/1.1 200 OK
                                                                            Access-Control-Allow-Origin: https://accounts.google.com
                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                            Access-Control-Max-Age: 86400
                                                                            Access-Control-Allow-Credentials: true
                                                                            Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                            Content-Type: text/plain; charset=UTF-8
                                                                            Date: Fri, 23 Aug 2024 14:52:06 GMT
                                                                            Server: Playlog
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                            14         | 192.168.2.5 | 49755       | 142.250.65.174 | 443              | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp               | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:06 UTC | 561               | OUT       | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                            Host: play.google.com
                                                                            Connection: keep-alive
                                                                            Accept: */*
                                                                            Access-Control-Request-Method: POST
                                                                            Access-Control-Request-Headers: x-goog-authuser
                                                                            Origin: https://accounts.google.com
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            Sec-Fetch-Mode: cors
                                                                            Sec-Fetch-Site: same-site
                                                                            Sec-Fetch-Dest: empty
                                                                            Referer: https://accounts.google.com/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                            2024-08-23 14:52:06 UTC | 520               | IN        | HTTP/1.1 200 OK
                                                                            Access-Control-Allow-Origin: https://accounts.google.com
                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                            Access-Control-Max-Age: 86400
                                                                            Access-Control-Allow-Credentials: true
                                                                            Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                            Content-Type: text/plain; charset=UTF-8
                                                                            Date: Fri, 23 Aug 2024 14:52:06 GMT
                                                                            Server: Playlog
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                            15         | 192.168.2.5 | 49756       | 142.251.40.228 | 443              | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp               | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:07 UTC | 881               | OUT       | GET /favicon.ico HTTP/1.1
                                                                            Host: www.google.com
                                                                            Connection: keep-alive
                                                                            sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                            sec-ch-ua-mobile: ?0
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                            sec-ch-ua-arch: "x86"
                                                                            sec-ch-ua-full-version: "117.0.5938.132"
                                                                            sec-ch-ua-platform-version: "10.0.0"
                                                                            sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                            sec-ch-ua-bitness: "64"
                                                                            sec-ch-ua-model: ""
                                                                            sec-ch-ua-wow64: ?0
                                                                            sec-ch-ua-platform: "Windows"
                                                                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                            Sec-Fetch-Site: same-site
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: image
                                                                            Referer: https://accounts.google.com/
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                            2024-08-23 14:52:07 UTC | 705               | IN        | HTTP/1.1 200 OK
                                                                            Accept-Ranges: bytes
                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                            Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                            Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                            Content-Length: 5430
                                                                            X-Content-Type-Options: nosniff
                                                                            Server: sffe
                                                                            X-XSS-Protection: 0
                                                                            Date: Fri, 23 Aug 2024 14:25:12 GMT
                                                                            Expires: Sat, 31 Aug 2024 14:25:12 GMT
                                                                            Cache-Control: public, max-age=691200
                                                                            Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                            Content-Type: image/x-icon
                                                                            Vary: Accept-Encoding
                                                                            Age: 1615
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                            16         | 192.168.2.5 | 49760       | 13.107.246.40  | 443              | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp               | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:08 UTC | 478               | OUT       | GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                                            Host: edgeassetservice.azureedge.net
                                                                            Connection: keep-alive
                                                                            Edge-Asset-Group: ProductCategories
                                                                            Sec-Fetch-Site: none
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: empty
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                            2024-08-23 14:52:08 UTC | 552               | IN        | HTTP/1.1 200 OK
                                                                            Date: Fri, 23 Aug 2024 14:52:08 GMT
                                                                            Content-Type: application/octet-stream
                                                                            Content-Length: 82989
                                                                            Connection: close
                                                                            Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                                            ETag: 0x8DB5D5E89CE25EB
                                                                            x-ms-request-id: 0d1836d6-901e-002d-5f5f-f5ebc7000000
                                                                            x-ms-version: 2009-09-19
                                                                            x-ms-lease-status: unlocked
                                                                            x-ms-blob-type: BlockBlob
                                                                            x-azure-ref: 20240823T145208Z-15c77d89844x4cv6tct3vbzssn0000000at0000000003dxa
                                                                            Cache-Control: public, max-age=604800
                                                                            x-fd-int-roxy-purgeid: 0
                                                                            X-Cache: TCP_HIT
                                                                            X-Cache-Info: L1_T2
                                                                            Accept-Ranges: bytes
                                                                            Data Ascii: ts)Lawn & GardenBulbs!!Beauty & FragranceMakeup-I)Books & MagazinesBusiness & Economics##ComputingExpansion Modules/$*ElectronicsCD Players & Stereo Systems&Home FurnishingsQuilts"#Clothing & Sho
                                                                            2024-08-23 14:52:08 UTC16384INData Raw: 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 42 61 67 73 0a 24 08 bd 21 12 1f 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 09 46 72 61 67 72 61 6e 63 65 0a 28 08 63 12 24 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 0f 4d 75 73 69 63 20 4d 61 67 61 7a 69 6e 65 73 0a 1e 08 8a 2b 12 19 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 06 52 75 6c 65 72 73 0a 2d 08 a9 33 12 28 0a 09 43 6f 6d 70 75 74 69 6e 67 12 1b 50 72 69 6e 74 65 72 20 50 61 72 74 73 20 26 20 41 74 74 61 63 68 6d 65 6e 74 73 0a 27 08 ef 23 12 22 0a 09 43 6f 6d 70 75 74 69 6e 67 12 15 54 68 69 6e 20 43 6c 69 65 6e 74 20 43 6f 6d 70 75 74 65 72 73 0a 37 08 bc 24 12 32 0a 0b 45 6c 65 63 74 72 6f 6e 69
                                                                            Data Ascii: ,"Sports & OutdoorsSleeping Bags$!Beauty & FragranceFragrance(c$Books & MagazinesMusic Magazines+Office ProductsRulers-3(ComputingPrinter Parts & Attachments'#"ComputingThin Client Computers7$2Electroni
                                                                            2024-08-23 14:52:08 UTC1621INData Raw: 61 79 65 72 73 0a 34 08 dc 36 12 2f 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 1f 53 6e 6f 77 6d 6f 62 69 6c 65 20 26 20 41 54 56 20 53 6b 69 73 20 26 20 52 75 6e 6e 65 72 73 0a 23 08 a2 21 12 1e 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 08 54 77 65 65 7a 65 72 73 0a 30 08 8e 33 12 2b 0a 0c 50 65 74 20 53 75 70 70 6c 69 65 73 12 1b 50 65 74 20 48 61 62 69 74 61 74 20 26 20 43 61 67 65 20 53 75 70 70 6c 69 65 73 0a 29 08 d4 23 12 24 0a 09 43 6f 6d 70 75 74 69 6e 67 12 17 44 69 67 69 74 61 6c 20 4d 65 64 69 61 20 52 65 63 65 69 76 65 72 73 0a 2a 08 f3 2b 12 25 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 10 42 6f 61 74 20 4d 61 69 6e 74 65 6e 61 6e 63 65 0a 22 08 d7 26 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69
                                                                            Data Ascii: ayers46/Car & GarageSnowmobile & ATV Skis & Runners#!Beauty & FragranceTweezers03+Pet SuppliesPet Habitat & Cage Supplies)#$ComputingDigital Media Receivers*+%Sports & OutdoorsBoat Maintenance"&Home Furnishi


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            17 | 192.168.2.5 | 49761 | 20.114.59.183 | 443 | |
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:12 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LYmUv1Z1vAtRz55&MD=53Fve3aL HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                            Host: slscr.update.microsoft.com
                                                                            2024-08-23 14:52:13 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            Content-Type: application/octet-stream
                                                                            Expires: -1
                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                            MS-CorrelationId: 53bef80a-b797-411b-acde-ea51d79f433f
                                                                            MS-RequestId: 68e3b219-04fa-4d51-8733-4a5f57ca1eb5
                                                                            MS-CV: rE/5ySSp90ivBGIm.0
                                                                            X-Microsoft-SLSClientCache: 2880
                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                            X-Content-Type-Options: nosniff
                                                                            Date: Fri, 23 Aug 2024 14:52:13 GMT
                                                                            Connection: close
                                                                            Content-Length: 24490
                                                                            2024-08-23 14:52:13 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                            Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                            2024-08-23 14:52:13 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                            Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            18 | 192.168.2.5 | 49768 | 152.195.19.97 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:21 UTC | 612 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725029519&P2=404&P3=2&P4=kHCyqCMN7zkIUvouF1wInfVmnvvun6sXGzu4nJH8qR8yAkiljdm8KB5Je4FSvzGzGaXiSaQzhmUJ7ml3L8vKFg%3d%3d HTTP/1.1
                                                                            Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                            Connection: keep-alive
                                                                            MS-CV: Tn1qygMsWGvvhapf6VDhHS
                                                                            Sec-Fetch-Site: none
                                                                            Sec-Fetch-Mode: no-cors
                                                                            Sec-Fetch-Dest: empty
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                            2024-08-23 14:52:21 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                            Accept-Ranges: bytes
                                                                            Age: 4351272
                                                                            Cache-Control: public, max-age=17280000
                                                                            Content-Type: application/x-chrome-extension
                                                                            Date: Fri, 23 Aug 2024 14:52:21 GMT
                                                                            Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                            Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                            MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                            MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                            MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                            Server: ECAcc (nyd/D11E)
                                                                            X-AspNet-Version: 4.0.30319
                                                                            X-AspNetMvc-Version: 5.3
                                                                            X-Cache: HIT
                                                                            X-CCC: US
                                                                            X-CID: 11
                                                                            X-Powered-By: ASP.NET
                                                                            X-Powered-By: ARR/3.0
                                                                            X-Powered-By: ASP.NET
                                                                            Content-Length: 11185
                                                                            Connection: close
                                                                            2024-08-23 14:52:21 UTC11185INData Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20
                                                                            Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            19 | 192.168.2.5 | 49770 | 162.159.61.3 | 443 | 7800 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:22 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                            Host: chrome.cloudflare-dns.com
                                                                            Connection: keep-alive
                                                                            Content-Length: 128
                                                                            Accept: application/dns-message
                                                                            Accept-Language: *
                                                                            User-Agent: Chrome
                                                                            Accept-Encoding: identity
                                                                            Content-Type: application/dns-message
                                                                            2024-08-23 14:52:22 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 51 00 0c 00 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: edgemicrosoftcom)QM
                                                                            2024-08-23 14:52:22 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                            Server: cloudflare
                                                                            Date: Fri, 23 Aug 2024 14:52:22 GMT
                                                                            Content-Type: application/dns-message
                                                                            Connection: close
                                                                            Access-Control-Allow-Origin: *
                                                                            Content-Length: 468
                                                                            CF-RAY: 8b7bed114bcc4237-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            2024-08-23 14:52:22 UTC468INData Raw: 00 00 81 80 00 01 00 04 00 00 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 0e 01 00 2d 12 65 64 67 65 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 0b 64 75 61 6c 2d 61 2d 30 30 33 36 08 61 2d 6d 73 65 64 67 65 03 6e 65 74 00 c0 30 00 05 00 01 00 00 00 2d 00 02 c0 43 c0 43 00 01 00 01 00 00 00 2d 00 04 0d 6b 15 ef c0 43 00 01 00 01 00 00 00 2d 00 04 cc 4f c5 ef 00 00 29 04 d0 00 00 00 00 01 3e 00 0c 01 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii: edgemicrosoftcom-edge-microsoft-comdual-a-0036a-msedgenet0-CC-kC-O)>:


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            20 | 192.168.2.5 | 49783 | 20.114.59.183 | 443 | |
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2024-08-23 14:52:51 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=LYmUv1Z1vAtRz55&MD=53Fve3aL HTTP/1.1
                                                                            Connection: Keep-Alive
                                                                            Accept: */*
                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                            Host: slscr.update.microsoft.com
                                                                            2024-08-23 14:52:51 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            Content-Type: application/octet-stream
                                                                            Expires: -1
                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                            MS-CorrelationId: 5e3c54ce-eb25-455b-a405-8e4a344209f9
                                                                            MS-RequestId: 0f194a06-6e11-4877-9ec1-52f7ff258184
                                                                            MS-CV: z1guON1KiEqpL2KK.0
                                                                            X-Microsoft-SLSClientCache: 1440
                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                            X-Content-Type-Options: nosniff
                                                                            Date: Fri, 23 Aug 2024 14:52:51 GMT
                                                                            Connection: close
                                                                            Content-Length: 30005
                                                                            2024-08-23 14:52:51 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                            Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                            2024-08-23 14:52:51 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                            Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                            Target ID:0
                                                                            Start time:10:51:52
                                                                            Start date:23/08/2024
                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                            Imagebase:0x4c0000
                                                                            File size:917'504 bytes
                                                                            MD5 hash:5BCFAE8097A09C47FC7FA3CADFEB39AE
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:1
                                                                            Start time:10:51:53
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:10:51:53
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                            Imagebase:0x7ff79f9e0000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:10:51:53
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                            Imagebase:0x7ff79f9e0000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:6
                                                                            Start time:10:51:53
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                            Imagebase:0x7ff79f9e0000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:7
                                                                            Start time:10:51:53
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2032,i,17235730763845207271,9954628077255362807,262144 /prefetch:3
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:8
                                                                            Start time:10:51:54
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:9
                                                                            Start time:10:51:55
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:3
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:12
                                                                            Start time:10:51:58
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8205cf2-3fc0-4029-8ece-1522148321f6} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d8296dd10 socket
                                                                            Imagebase:0x7ff79f9e0000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:14
                                                                            Start time:10:51:59
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:15
                                                                            Start time:10:51:59
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:16
                                                                            Start time:10:52:01
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -parentBuildID 20230927232528 -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc14055a-cb3b-4982-b2ae-49b5b90d95b7} 5772 "\\.\pipe\gecko-crash-server-pipe.5772" 15d95a12610 rdd
                                                                            Imagebase:0x7ff79f9e0000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:17
                                                                            Start time:10:52:05
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6488 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            Target ID:18
                                                                            Start time:10:52:05
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7216 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:19
                                                                            Start time:10:52:05
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:22
                                                                            Start time:10:52:55
                                                                            Start date:23/08/2024
                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7452 --field-trial-handle=2664,i,10002122715651088037,8823588314030443706,262144 /prefetch:8
                                                                            Imagebase:0x7ff6c1cf0000
                                                                            File size:4'210'216 bytes
                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false


                                                                              Execution Graph

                                                                              Execution Coverage:1.8%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:7.3%
                                                                              Total number of Nodes:1377
                                                                              Total number of Limit Nodes:60
95206->95203 95207->95150 95270 4c4e90 LoadLibraryA 95208->95270 95213 4c4ef6 LoadLibraryExW 95278 4c4e59 LoadLibraryA 95213->95278 95214 503ccf 95215 4c4f39 68 API calls 95214->95215 95217 503cd6 95215->95217 95219 4c4e59 3 API calls 95217->95219 95222 503cde 95219->95222 95221 4c4f20 95221->95222 95223 4c4f2c 95221->95223 95300 4c50f5 40 API calls __fread_nolock 95222->95300 95224 4c4f39 68 API calls 95223->95224 95226 4c44cd 95224->95226 95226->95157 95226->95159 95227 503cf5 95301 5328fe 27 API calls 95227->95301 95229 503d05 95231 532d15 95230->95231 95377 4c511f 64 API calls 95231->95377 95233 532d29 95378 532e66 75 API calls 95233->95378 95235 532d3b 95253 532d3f 95235->95253 95379 4c50f5 40 API calls __fread_nolock 95235->95379 95237 532d56 95380 4c50f5 40 API calls __fread_nolock 95237->95380 95239 532d66 95381 4c50f5 40 API calls __fread_nolock 95239->95381 95241 532d81 95382 4c50f5 40 API calls __fread_nolock 95241->95382 95243 532d9c 95383 4c511f 64 API calls 95243->95383 95245 532db3 95246 4eea0c ___std_exception_copy 21 API calls 95245->95246 95247 532dba 95246->95247 95248 4eea0c ___std_exception_copy 21 API calls 95247->95248 95249 532dc4 95248->95249 95384 4c50f5 40 API calls __fread_nolock 95249->95384 95251 532dd8 95385 5328fe 27 API calls 95251->95385 95253->95160 95254 532dee 95254->95253 95386 5322ce 95254->95386 95256->95171 95258 4c4f43 95257->95258 95260 4c4f4a 95257->95260 95259 4ee678 67 API calls 95258->95259 95259->95260 95261 4c4f59 95260->95261 95262 4c4f6a FreeLibrary 95260->95262 95261->95167 95262->95261 95263->95172 95264->95182 95265->95182 95266->95182 95267->95182 95268->95182 95269->95176 95271 4c4ea8 GetProcAddress 95270->95271 95272 4c4ec6 95270->95272 95273 4c4eb8 95271->95273 95275 4ee5eb 95272->95275 95273->95272 95274 4c4ebf FreeLibrary 95273->95274 95274->95272 95302 4ee52a 95275->95302 95277 4c4eea 95277->95213 95277->95214 95279 4c4e8d 95278->95279 95280 4c4e6e GetProcAddress 95278->95280 95283 4c4f80 95279->95283 
95281 4c4e7e 95280->95281 95281->95279 95282 4c4e86 FreeLibrary 95281->95282 95282->95279 95284 4dfe0b 22 API calls 95283->95284 95285 4c4f95 95284->95285 95363 4c5722 95285->95363 95287 4c4fa1 __fread_nolock 95288 4c50a5 95287->95288 95289 503d1d 95287->95289 95299 4c4fdc 95287->95299 95366 4c42a2 CreateStreamOnHGlobal 95288->95366 95374 53304d 74 API calls 95289->95374 95292 503d22 95375 4c511f 64 API calls 95292->95375 95295 503d45 95376 4c50f5 40 API calls __fread_nolock 95295->95376 95298 4c506e ISource 95298->95221 95299->95292 95299->95298 95372 4c50f5 40 API calls __fread_nolock 95299->95372 95373 4c511f 64 API calls 95299->95373 95300->95227 95301->95229 95305 4ee536 ___DestructExceptionObject 95302->95305 95303 4ee544 95327 4ef2d9 20 API calls _free 95303->95327 95305->95303 95307 4ee574 95305->95307 95306 4ee549 95328 4f27ec 26 API calls _strftime 95306->95328 95309 4ee579 95307->95309 95310 4ee586 95307->95310 95329 4ef2d9 20 API calls _free 95309->95329 95319 4f8061 95310->95319 95313 4ee554 __fread_nolock 95313->95277 95314 4ee58f 95315 4ee595 95314->95315 95316 4ee5a2 95314->95316 95330 4ef2d9 20 API calls _free 95315->95330 95331 4ee5d4 LeaveCriticalSection __fread_nolock 95316->95331 95320 4f806d ___DestructExceptionObject 95319->95320 95332 4f2f5e EnterCriticalSection 95320->95332 95322 4f807b 95333 4f80fb 95322->95333 95326 4f80ac __fread_nolock 95326->95314 95327->95306 95328->95313 95329->95313 95330->95313 95331->95313 95332->95322 95341 4f811e 95333->95341 95334 4f8088 95347 4f80b7 95334->95347 95335 4f8177 95352 4f4c7d 20 API calls _free 95335->95352 95338 4f8180 95353 4f29c8 95338->95353 95340 4f8189 95340->95334 95359 4f3405 11 API calls 2 library calls 95340->95359 95341->95334 95341->95335 95341->95341 95350 4e918d EnterCriticalSection 95341->95350 95351 4e91a1 LeaveCriticalSection 95341->95351 95343 4f81a8 95360 4e918d EnterCriticalSection 95343->95360 95346 4f81bb 95346->95334 95362 4f2fa6 LeaveCriticalSection 95347->95362 95349 4f80be 
95349->95326 95350->95341 95351->95341 95352->95338 95354 4f29d3 RtlFreeHeap 95353->95354 95358 4f29fc _free 95353->95358 95355 4f29e8 95354->95355 95354->95358 95361 4ef2d9 20 API calls _free 95355->95361 95357 4f29ee GetLastError 95357->95358 95358->95340 95359->95343 95360->95346 95361->95357 95362->95349 95364 4dfddb 22 API calls 95363->95364 95365 4c5734 95364->95365 95365->95287 95367 4c42bc FindResourceExW 95366->95367 95371 4c42d9 95366->95371 95368 5035ba LoadResource 95367->95368 95367->95371 95369 5035cf SizeofResource 95368->95369 95368->95371 95370 5035e3 LockResource 95369->95370 95369->95371 95370->95371 95371->95299 95372->95299 95373->95299 95374->95292 95375->95295 95376->95298 95377->95233 95378->95235 95379->95237 95380->95239 95381->95241 95382->95243 95383->95245 95384->95251 95385->95254 95387 5322d9 95386->95387 95388 5322e7 95386->95388 95389 4ee5eb 29 API calls 95387->95389 95390 53232c 95388->95390 95391 4ee5eb 29 API calls 95388->95391 95410 5322f0 95388->95410 95389->95388 95415 532557 40 API calls __fread_nolock 95390->95415 95393 532311 95391->95393 95393->95390 95395 53231a 95393->95395 95394 532370 95396 532395 95394->95396 95397 532374 95394->95397 95395->95410 95423 4ee678 95395->95423 95416 532171 95396->95416 95399 532381 95397->95399 95402 4ee678 67 API calls 95397->95402 95405 4ee678 67 API calls 95399->95405 95399->95410 95401 53239d 95403 5323c3 95401->95403 95404 5323a3 95401->95404 95402->95399 95436 5323f3 74 API calls 95403->95436 95406 5323b0 95404->95406 95408 4ee678 67 API calls 95404->95408 95405->95410 95409 4ee678 67 API calls 95406->95409 95406->95410 95408->95406 95409->95410 95410->95253 95411 5323ca 95412 5323de 95411->95412 95413 4ee678 67 API calls 95411->95413 95412->95410 95414 4ee678 67 API calls 95412->95414 95413->95412 95414->95410 95415->95394 95417 4eea0c ___std_exception_copy 21 API calls 95416->95417 95418 53217f 95417->95418 95419 4eea0c ___std_exception_copy 21 API calls 95418->95419 95420 532190 
95419->95420 95421 4eea0c ___std_exception_copy 21 API calls 95420->95421 95422 53219c 95421->95422 95422->95401 95424 4ee684 ___DestructExceptionObject 95423->95424 95425 4ee6aa 95424->95425 95426 4ee695 95424->95426 95435 4ee6a5 __fread_nolock 95425->95435 95437 4e918d EnterCriticalSection 95425->95437 95454 4ef2d9 20 API calls _free 95426->95454 95428 4ee69a 95455 4f27ec 26 API calls _strftime 95428->95455 95431 4ee6c6 95438 4ee602 95431->95438 95433 4ee6d1 95456 4ee6ee LeaveCriticalSection __fread_nolock 95433->95456 95435->95410 95436->95411 95437->95431 95439 4ee60f 95438->95439 95440 4ee624 95438->95440 95489 4ef2d9 20 API calls _free 95439->95489 95446 4ee61f 95440->95446 95457 4edc0b 95440->95457 95443 4ee614 95490 4f27ec 26 API calls _strftime 95443->95490 95446->95433 95450 4ee646 95474 4f862f 95450->95474 95453 4f29c8 _free 20 API calls 95453->95446 95454->95428 95455->95435 95456->95435 95458 4edc1f 95457->95458 95459 4edc23 95457->95459 95463 4f4d7a 95458->95463 95459->95458 95460 4ed955 __fread_nolock 26 API calls 95459->95460 95461 4edc43 95460->95461 95491 4f59be 62 API calls 6 library calls 95461->95491 95464 4ee640 95463->95464 95465 4f4d90 95463->95465 95467 4ed955 95464->95467 95465->95464 95466 4f29c8 _free 20 API calls 95465->95466 95466->95464 95468 4ed976 95467->95468 95469 4ed961 95467->95469 95468->95450 95492 4ef2d9 20 API calls _free 95469->95492 95471 4ed966 95493 4f27ec 26 API calls _strftime 95471->95493 95473 4ed971 95473->95450 95475 4f863e 95474->95475 95478 4f8653 95474->95478 95497 4ef2c6 20 API calls _free 95475->95497 95477 4f868e 95499 4ef2c6 20 API calls _free 95477->95499 95478->95477 95482 4f867a 95478->95482 95479 4f8643 95498 4ef2d9 20 API calls _free 95479->95498 95494 4f8607 95482->95494 95483 4f8693 95500 4ef2d9 20 API calls _free 95483->95500 95486 4ee64c 95486->95446 95486->95453 95487 4f869b 95501 4f27ec 26 API calls _strftime 95487->95501 95489->95443 95490->95446 95491->95458 95492->95471 95493->95473 95502 
4f8585 95494->95502 95496 4f862b 95496->95486 95497->95479 95498->95486 95499->95483 95500->95487 95501->95486 95503 4f8591 ___DestructExceptionObject 95502->95503 95513 4f5147 EnterCriticalSection 95503->95513 95505 4f859f 95506 4f85c6 95505->95506 95507 4f85d1 95505->95507 95509 4f86ae __wsopen_s 29 API calls 95506->95509 95514 4ef2d9 20 API calls _free 95507->95514 95510 4f85cc 95509->95510 95515 4f85fb LeaveCriticalSection __wsopen_s 95510->95515 95512 4f85ee __fread_nolock 95512->95496 95513->95505 95514->95510 95515->95512 95516 512a00 95530 4cd7b0 ISource 95516->95530 95517 4cdb11 PeekMessageW 95517->95530 95518 4cd807 GetInputState 95518->95517 95518->95530 95520 511cbe TranslateAcceleratorW 95520->95530 95521 4cda04 timeGetTime 95521->95530 95522 4cdb8f PeekMessageW 95522->95530 95523 4cdb73 TranslateMessage DispatchMessageW 95523->95522 95524 4cdbaf Sleep 95541 4cdbc0 95524->95541 95525 512b74 Sleep 95525->95541 95526 511dda timeGetTime 95611 4de300 23 API calls 95526->95611 95527 4de551 timeGetTime 95527->95541 95530->95517 95530->95518 95530->95520 95530->95521 95530->95522 95530->95523 95530->95524 95530->95525 95530->95526 95533 4cd9d5 95530->95533 95544 4cec40 185 API calls 95530->95544 95546 4cbf40 185 API calls 95530->95546 95548 4cdd50 95530->95548 95555 4d1310 95530->95555 95609 4cdfd0 185 API calls 3 library calls 95530->95609 95610 4dedf6 IsDialogMessageW GetClassLongW 95530->95610 95612 533a2a 23 API calls 95530->95612 95613 53359c 82 API calls __wsopen_s 95530->95613 95531 512c0b GetExitCodeProcess 95535 512c21 WaitForSingleObject 95531->95535 95536 512c37 CloseHandle 95531->95536 95532 5529bf GetForegroundWindow 95532->95541 95535->95530 95535->95536 95536->95541 95537 512a31 95537->95533 95538 512ca9 Sleep 95538->95530 95541->95527 95541->95530 95541->95531 95541->95532 95541->95533 95541->95537 95541->95538 95614 545658 23 API calls 95541->95614 95615 52e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter 
Sleep 95541->95615 95616 52d4dc CreateToolhelp32Snapshot Process32FirstW 95541->95616 95544->95530 95546->95530 95549 4cdd6f 95548->95549 95550 4cdd83 95548->95550 95626 4cd260 95549->95626 95658 53359c 82 API calls __wsopen_s 95550->95658 95552 4cdd7a 95552->95530 95554 512f75 95554->95554 95556 4d1376 95555->95556 95557 4d17b0 95555->95557 95558 516331 95556->95558 95559 4d1390 95556->95559 95680 4e0242 5 API calls __Init_thread_wait 95557->95680 95691 54709c 185 API calls 95558->95691 95561 4d1940 9 API calls 95559->95561 95564 4d13a0 95561->95564 95563 4d17ba 95566 4d17fb 95563->95566 95681 4c9cb3 95563->95681 95568 4d1940 9 API calls 95564->95568 95565 51633d 95565->95530 95570 516346 95566->95570 95572 4d182c 95566->95572 95569 4d13b6 95568->95569 95569->95566 95571 4d13ec 95569->95571 95692 53359c 82 API calls __wsopen_s 95570->95692 95571->95570 95577 4d1408 __fread_nolock 95571->95577 95688 4caceb 23 API calls ISource 95572->95688 95575 4d17d4 95687 4e01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95575->95687 95576 4d1839 95689 4dd217 185 API calls 95576->95689 95577->95576 95580 51636e 95577->95580 95588 4dfddb 22 API calls 95577->95588 95589 4dfe0b 22 API calls 95577->95589 95594 4cec40 185 API calls 95577->95594 95595 4d152f 95577->95595 95596 5163b2 95577->95596 95599 516369 95577->95599 95693 53359c 82 API calls __wsopen_s 95580->95693 95582 5163d1 95695 545745 54 API calls _wcslen 95582->95695 95583 4d153c 95586 4d1940 9 API calls 95583->95586 95584 4d1872 95690 4dfaeb 23 API calls 95584->95690 95587 4d1549 95586->95587 95590 5164fa 95587->95590 95592 4d1940 9 API calls 95587->95592 95588->95577 95589->95577 95590->95599 95697 53359c 82 API calls __wsopen_s 95590->95697 95597 4d1563 95592->95597 95594->95577 95595->95582 95595->95583 95694 53359c 82 API calls __wsopen_s 95596->95694 95597->95590 95602 4d15c7 ISource 95597->95602 95696 4ca8c7 22 API calls __fread_nolock 95597->95696 95599->95530 95601 4d1940 9 API calls 
95601->95602 95602->95584 95602->95590 95602->95599 95602->95601 95604 4d167b ISource 95602->95604 95666 54a2ea 95602->95666 95671 535c5a 95602->95671 95676 54ac5b 95602->95676 95603 4d171d 95603->95530 95604->95603 95679 4dce17 22 API calls ISource 95604->95679 95609->95530 95610->95530 95611->95530 95612->95530 95613->95530 95614->95541 95615->95541 95762 52def7 95616->95762 95618 52d5db FindCloseChangeNotification 95618->95541 95619 52d529 Process32NextW 95619->95618 95625 52d522 95619->95625 95620 4ca961 22 API calls 95620->95625 95621 4c9cb3 22 API calls 95621->95625 95625->95618 95625->95619 95625->95620 95625->95621 95768 4c525f 22 API calls 95625->95768 95769 4c6350 22 API calls 95625->95769 95770 4dce60 41 API calls 95625->95770 95627 4cec40 185 API calls 95626->95627 95630 4cd29d 95627->95630 95628 511bc4 95665 53359c 82 API calls __wsopen_s 95628->95665 95630->95628 95631 4cd30b ISource 95630->95631 95632 4cd6d5 95630->95632 95633 4cd3c3 95630->95633 95639 4cd4b8 95630->95639 95640 4dfddb 22 API calls 95630->95640 95653 4cd429 ISource __fread_nolock 95630->95653 95631->95552 95632->95631 95641 4dfe0b 22 API calls 95632->95641 95633->95632 95635 4cd3ce 95633->95635 95634 4cd5ff 95637 511bb5 95634->95637 95638 4cd614 95634->95638 95636 4dfddb 22 API calls 95635->95636 95646 4cd3d5 __fread_nolock 95636->95646 95664 545705 23 API calls 95637->95664 95643 4dfddb 22 API calls 95638->95643 95644 4dfe0b 22 API calls 95639->95644 95640->95630 95641->95646 95651 4cd46a 95643->95651 95644->95653 95645 4dfddb 22 API calls 95647 4cd3f6 95645->95647 95646->95645 95646->95647 95647->95653 95659 4cbec0 185 API calls 95647->95659 95649 511ba4 95663 53359c 82 API calls __wsopen_s 95649->95663 95651->95552 95653->95634 95653->95649 95653->95651 95654 511b7f 95653->95654 95656 511b5d 95653->95656 95660 4c1f6f 185 API calls 95653->95660 95662 53359c 82 API calls __wsopen_s 95654->95662 95661 53359c 82 API calls __wsopen_s 95656->95661 95658->95554 95659->95653 95660->95653 
95661->95651 95662->95651 95663->95651 95664->95628 95665->95631 95698 4c7510 95666->95698 95669 52d4dc 47 API calls 95670 54a315 95669->95670 95670->95602 95672 4c7510 53 API calls 95671->95672 95673 535c6d 95672->95673 95725 52dbbe lstrlenW 95673->95725 95675 535c77 95675->95602 95730 54ad64 95676->95730 95678 54ac6f 95678->95602 95679->95604 95680->95563 95682 4c9cc2 _wcslen 95681->95682 95683 4dfe0b 22 API calls 95682->95683 95684 4c9cea __fread_nolock 95683->95684 95685 4dfddb 22 API calls 95684->95685 95686 4c9d00 95685->95686 95686->95575 95687->95566 95688->95576 95689->95584 95690->95584 95691->95565 95692->95599 95693->95599 95694->95599 95695->95597 95696->95602 95697->95599 95699 4c7525 95698->95699 95716 4c7522 95698->95716 95700 4c752d 95699->95700 95701 4c755b 95699->95701 95721 4e51c6 26 API calls 95700->95721 95703 5050f6 95701->95703 95706 4c756d 95701->95706 95707 50500f 95701->95707 95724 4e5183 26 API calls 95703->95724 95704 4c753d 95712 4dfddb 22 API calls 95704->95712 95722 4dfb21 51 API calls 95706->95722 95710 505088 95707->95710 95715 4dfe0b 22 API calls 95707->95715 95708 50510e 95708->95708 95723 4dfb21 51 API calls 95710->95723 95713 4c7547 95712->95713 95714 4c9cb3 22 API calls 95713->95714 95714->95716 95717 505058 95715->95717 95716->95669 95718 4dfddb 22 API calls 95717->95718 95719 50507f 95718->95719 95720 4c9cb3 22 API calls 95719->95720 95720->95710 95721->95704 95722->95704 95723->95703 95724->95708 95726 52dc06 95725->95726 95727 52dbdc GetFileAttributesW 95725->95727 95726->95675 95727->95726 95728 52dbe8 FindFirstFileW 95727->95728 95728->95726 95729 52dbf9 FindClose 95728->95729 95729->95726 95731 4ca961 22 API calls 95730->95731 95732 54ad77 ___scrt_fastfail 95731->95732 95733 4c7510 53 API calls 95732->95733 95747 54adce 95732->95747 95734 54adab 95733->95734 95739 4c7510 53 API calls 95734->95739 95734->95747 95735 4c7510 53 API calls 95738 54ade4 95735->95738 95736 4c7510 53 API calls 95749 54ae04 95736->95749 95737 
54ae3a 95740 54ae4d ___scrt_fastfail 95737->95740 95761 4cb567 39 API calls 95737->95761 95759 4c7620 22 API calls _wcslen 95738->95759 95742 54adc4 95739->95742 95746 4c7510 53 API calls 95740->95746 95758 4c7620 22 API calls _wcslen 95742->95758 95744 54adee 95744->95736 95744->95737 95748 54ae85 ShellExecuteExW 95746->95748 95747->95735 95747->95744 95752 54aeb0 95748->95752 95749->95737 95750 4c7510 53 API calls 95749->95750 95751 54ae28 95750->95751 95751->95737 95760 4ca8c7 22 API calls __fread_nolock 95751->95760 95754 54aec8 95752->95754 95755 54af35 GetProcessId 95752->95755 95754->95678 95756 54af48 95755->95756 95757 54af58 CloseHandle 95756->95757 95757->95754 95758->95747 95759->95744 95760->95737 95761->95740 95766 52df02 95762->95766 95763 52df19 95772 4e62fb 39 API calls _strftime 95763->95772 95766->95763 95767 52df1f 95766->95767 95771 4e63b2 GetStringTypeW _strftime 95766->95771 95767->95625 95768->95625 95769->95625 95770->95625 95771->95766 95772->95767 95773 502402 95776 4c1410 95773->95776 95777 4c144f mciSendStringW 95776->95777 95778 5024b8 DestroyWindow 95776->95778 95779 4c146b 95777->95779 95780 4c16c6 95777->95780 95790 5024c4 95778->95790 95781 4c1479 95779->95781 95779->95790 95780->95779 95782 4c16d5 UnregisterHotKey 95780->95782 95809 4c182e 95781->95809 95782->95780 95784 5024e2 FindClose 95784->95790 95785 5024d8 95785->95790 95815 4c6246 CloseHandle 95785->95815 95787 502509 95791 50252d 95787->95791 95792 50251c FreeLibrary 95787->95792 95789 4c148e 95789->95791 95799 4c149c 95789->95799 95790->95784 95790->95785 95790->95787 95793 502541 VirtualFree 95791->95793 95800 4c1509 95791->95800 95792->95787 95793->95791 95794 4c14f8 OleUninitialize 95794->95800 95795 4c1514 95797 4c1524 95795->95797 95796 502589 95802 502598 ISource 95796->95802 95816 5332eb 6 API calls ISource 95796->95816 95813 4c1944 VirtualFreeEx CloseHandle 95797->95813 95799->95794 95800->95795 95800->95796 95805 502627 95802->95805 95817 5264d4 22 API calls 
ISource 95802->95817 95804 4c153a 95804->95802 95806 4c161f 95804->95806 95805->95805 95806->95805 95814 4c1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95806->95814 95808 4c16c1 95810 4c183b 95809->95810 95811 4c1480 95810->95811 95818 52702a 22 API calls 95810->95818 95811->95787 95811->95789 95813->95804 95814->95808 95815->95785 95816->95796 95817->95802 95818->95810 95819 4cf7bf 95820 4cfcb6 95819->95820 95821 4cf7d3 95819->95821 95856 4caceb 23 API calls ISource 95820->95856 95823 4cfcc2 95821->95823 95824 4dfddb 22 API calls 95821->95824 95857 4caceb 23 API calls ISource 95823->95857 95826 4cf7e5 95824->95826 95826->95823 95827 4cf83e 95826->95827 95828 4cfd3d 95826->95828 95830 4d1310 185 API calls 95827->95830 95841 4ced9d ISource 95827->95841 95858 531155 22 API calls 95828->95858 95835 4cec76 ISource 95830->95835 95831 514beb 95864 53359c 82 API calls __wsopen_s 95831->95864 95833 4cfef7 95833->95841 95860 4ca8c7 22 API calls __fread_nolock 95833->95860 95834 4dfddb 22 API calls 95834->95835 95835->95831 95835->95833 95835->95834 95836 4cf3ae ISource 95835->95836 95838 514600 95835->95838 95839 514b0b 95835->95839 95840 4ca8c7 22 API calls 95835->95840 95835->95841 95847 4e0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95835->95847 95848 4ca961 22 API calls 95835->95848 95849 4cfbe3 95835->95849 95852 4e00a3 29 API calls pre_c_initialization 95835->95852 95853 4e01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95835->95853 95854 4d01e0 185 API calls 2 library calls 95835->95854 95855 4d06a0 41 API calls ISource 95835->95855 95836->95841 95861 53359c 82 API calls __wsopen_s 95836->95861 95838->95841 95859 4ca8c7 22 API calls __fread_nolock 95838->95859 95862 53359c 82 API calls __wsopen_s 95839->95862 95840->95835 95847->95835 95848->95835 95849->95836 95849->95841 95850 514bdc 95849->95850 95863 53359c 82 API calls 
__wsopen_s 95850->95863 95852->95835 95853->95835 95854->95835 95855->95835 95856->95823 95857->95828 95858->95841 95859->95841 95860->95841 95861->95841 95862->95841 95863->95831 95864->95841 95865 4c1098 95870 4c42de 95865->95870 95869 4c10a7 95871 4ca961 22 API calls 95870->95871 95872 4c42f5 GetVersionExW 95871->95872 95873 4c6b57 22 API calls 95872->95873 95874 4c4342 95873->95874 95875 4c93b2 22 API calls 95874->95875 95887 4c4378 95874->95887 95876 4c436c 95875->95876 95878 4c37a0 22 API calls 95876->95878 95877 4c441b GetCurrentProcess IsWow64Process 95879 4c4437 95877->95879 95878->95887 95880 4c444f LoadLibraryA 95879->95880 95881 503824 GetSystemInfo 95879->95881 95882 4c449c GetSystemInfo 95880->95882 95883 4c4460 GetProcAddress 95880->95883 95886 4c4476 95882->95886 95883->95882 95885 4c4470 GetNativeSystemInfo 95883->95885 95884 5037df 95885->95886 95888 4c447a FreeLibrary 95886->95888 95889 4c109d 95886->95889 95887->95877 95887->95884 95888->95889 95890 4e00a3 29 API calls __onexit 95889->95890 95890->95869 95891 4e03fb 95892 4e0407 ___DestructExceptionObject 95891->95892 95920 4dfeb1 95892->95920 95894 4e040e 95895 4e0561 95894->95895 95898 4e0438 95894->95898 95950 4e083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95895->95950 95897 4e0568 95943 4e4e52 95897->95943 95907 4e0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95898->95907 95931 4f247d 95898->95931 95905 4e0457 95910 4e04d8 95907->95910 95946 4e4e1a 38 API calls 3 library calls 95907->95946 95939 4e0959 95910->95939 95911 4e04de 95912 4e04f3 95911->95912 95947 4e0992 GetModuleHandleW 95912->95947 95914 4e04fa 95914->95897 95915 4e04fe 95914->95915 95916 4e0507 95915->95916 95948 4e4df5 28 API calls _abort 95915->95948 95949 4e0040 13 API calls 2 library calls 95916->95949 95919 4e050f 95919->95905 95921 4dfeba 95920->95921 95952 4e0698 IsProcessorFeaturePresent 95921->95952 95923 4dfec6 95953 
4e2c94 10 API calls 3 library calls 95923->95953 95925 4dfecb 95930 4dfecf 95925->95930 95954 4f2317 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95925->95954 95927 4dfed8 95928 4dfee6 95927->95928 95955 4e2cbd 8 API calls 3 library calls 95927->95955 95928->95894 95930->95894 95932 4f2494 95931->95932 95956 4e0a8c 95932->95956 95934 4e0451 95934->95905 95935 4f2421 95934->95935 95936 4f2450 95935->95936 95937 4e0a8c _ValidateLocalCookies 5 API calls 95936->95937 95938 4f2479 95937->95938 95938->95907 95964 4e2340 95939->95964 95942 4e097f 95942->95911 95966 4e4bcf 95943->95966 95946->95910 95947->95914 95948->95916 95949->95919 95950->95897 95952->95923 95953->95925 95954->95927 95955->95930 95957 4e0a97 IsProcessorFeaturePresent 95956->95957 95958 4e0a95 95956->95958 95960 4e0c5d 95957->95960 95958->95934 95963 4e0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95960->95963 95962 4e0d40 95962->95934 95963->95962 95965 4e096c GetStartupInfoW 95964->95965 95965->95942 95967 4e4bdb pair 95966->95967 95968 4e4bf4 95967->95968 95969 4e4be2 95967->95969 95990 4f2f5e EnterCriticalSection 95968->95990 96005 4e4d29 GetModuleHandleW 95969->96005 95972 4e4be7 95972->95968 96006 4e4d6d GetModuleHandleExW 95972->96006 95973 4e4c99 95994 4e4cd9 95973->95994 95977 4e4c70 95981 4e4c88 95977->95981 95985 4f2421 _abort 5 API calls 95977->95985 95979 4e4cb6 95997 4e4ce8 95979->95997 95980 4e4ce2 96014 501d29 5 API calls _ValidateLocalCookies 95980->96014 95986 4f2421 _abort 5 API calls 95981->95986 95985->95981 95986->95973 95987 4e4bfb 95987->95973 95987->95977 95991 4f21a8 95987->95991 95990->95987 96015 4f1ee1 95991->96015 96034 4f2fa6 LeaveCriticalSection 95994->96034 95996 4e4cb2 95996->95979 95996->95980 96035 4f360c 95997->96035 96000 4e4d16 96003 4e4d6d _abort 8 API calls 96000->96003 96001 4e4cf6 GetPEB 96001->96000 96002 4e4d06 GetCurrentProcess 
TerminateProcess 96001->96002 96002->96000 96004 4e4d1e ExitProcess 96003->96004 96005->95972 96007 4e4dba 96006->96007 96008 4e4d97 GetProcAddress 96006->96008 96010 4e4dc9 96007->96010 96011 4e4dc0 FreeLibrary 96007->96011 96009 4e4dac 96008->96009 96009->96007 96012 4e0a8c _ValidateLocalCookies 5 API calls 96010->96012 96011->96010 96013 4e4bf3 96012->96013 96013->95968 96018 4f1e90 96015->96018 96017 4f1f05 96017->95977 96019 4f1e9c ___DestructExceptionObject 96018->96019 96026 4f2f5e EnterCriticalSection 96019->96026 96021 4f1eaa 96027 4f1f31 96021->96027 96025 4f1ec8 __fread_nolock 96025->96017 96026->96021 96030 4f1f51 96027->96030 96031 4f1f59 96027->96031 96028 4e0a8c _ValidateLocalCookies 5 API calls 96029 4f1eb7 96028->96029 96033 4f1ed5 LeaveCriticalSection _abort 96029->96033 96030->96028 96031->96030 96032 4f29c8 _free 20 API calls 96031->96032 96032->96030 96033->96025 96034->95996 96036 4f3627 96035->96036 96037 4f3631 96035->96037 96039 4e0a8c _ValidateLocalCookies 5 API calls 96036->96039 96042 4f2fd7 5 API calls 2 library calls 96037->96042 96040 4e4cf2 96039->96040 96040->96000 96040->96001 96041 4f3648 96041->96036 96042->96041 96043 502ba5 96044 4c2b25 96043->96044 96045 502baf 96043->96045 96071 4c2b83 7 API calls 96044->96071 96089 4c3a5a 96045->96089 96048 502bb8 96051 4c9cb3 22 API calls 96048->96051 96053 502bc6 96051->96053 96052 4c2b2f 96062 4c2b44 96052->96062 96075 4c3837 96052->96075 96054 502bf5 96053->96054 96055 502bce 96053->96055 96058 4c33c6 22 API calls 96054->96058 96096 4c33c6 96055->96096 96070 502bf1 GetForegroundWindow ShellExecuteW 96058->96070 96061 4c2b5f 96068 4c2b66 SetCurrentDirectoryW 96061->96068 96062->96061 96085 4c30f2 96062->96085 96064 502be7 96067 4c33c6 22 API calls 96064->96067 96066 502c26 96066->96061 96067->96070 96069 4c2b7a 96068->96069 96070->96066 96106 4c2cd4 7 API calls 96071->96106 96073 4c2b2a 96074 4c2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96073->96074 96074->96052 96076 
Control-flow graph edge list (continuation of the tray-icon/window-procedure and registry-lookup routines) omitted; APIs reached in that graph: Shell_NotifyIconW, DestroyIcon, LoadStringW, GetModuleFileNameW, GetFullPathNameW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, PostQuitMessage, DefWindowProcW, SetTimer, KillTimer, RegisterWindowMessageW, CreatePopupMenu, MoveWindow, SetFocus, DeleteObject, DestroyWindow.

Control-flow Graph (entry block 4c42de; block edge list omitted)
                                                                              APIs
                                                                              • GetVersionExW.KERNEL32(?), ref: 004C430D
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                              • GetCurrentProcess.KERNEL32(?,0055CB64,00000000,?,?), ref: 004C4422
                                                                              • IsWow64Process.KERNEL32(00000000,?,?), ref: 004C4429
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 004C4454
                                                                              • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 004C4466
                                                                              • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 004C4474
                                                                              • FreeLibrary.KERNEL32(00000000,?,?), ref: 004C447B
                                                                              • GetSystemInfo.KERNEL32(?,?,?), ref: 004C44A0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                              • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                              • API String ID: 3290436268-3101561225
                                                                              • Opcode ID: 90bd09d905c103b24d24bed07723dd0c25bb3431c0eab26d6d585d0858748800
                                                                              • Instruction ID: 3e1693f9014efcd417384e7de5f268a1306673b713f22c8d77d92df380da1a5e
                                                                              • Opcode Fuzzy Hash: 90bd09d905c103b24d24bed07723dd0c25bb3431c0eab26d6d585d0858748800
                                                                              • Instruction Fuzzy Hash: E1A1186990ABF2DFC715C7797D406A93FB87B72340B2A4C9FD44193A61D224060DEB2E

Control-flow Graph (entry block 4c42a2; block edge list omitted)
                                                                              APIs
                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,004C50AA,?,?,00000000,00000000), ref: 004C42B2
                                                                              • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,004C50AA,?,?,00000000,00000000), ref: 004C42C9
                                                                              • LoadResource.KERNEL32(?,00000000,?,?,004C50AA,?,?,00000000,00000000,?,?,?,?,?,?,004C4F20), ref: 005035BE
                                                                              • SizeofResource.KERNEL32(?,00000000,?,?,004C50AA,?,?,00000000,00000000,?,?,?,?,?,?,004C4F20), ref: 005035D3
                                                                              • LockResource.KERNEL32(004C50AA,?,?,004C50AA,?,?,00000000,00000000,?,?,?,?,?,?,004C4F20,?), ref: 005035E6
                                                                              Similarity
                                                                              • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                              • String ID: SCRIPT
                                                                              • API String ID: 3051347437-3967369404
                                                                              • Opcode ID: 2773ee760fae0f1bef240c886d5d5187e35ed9ddf84d37a003071b144c555008
                                                                              • Instruction ID: a4e703aaf4796b2a913884e96fc0a4d410de5e208070e6e59312b5a02c7a7d62
                                                                              • Opcode Fuzzy Hash: 2773ee760fae0f1bef240c886d5d5187e35ed9ddf84d37a003071b144c555008
                                                                              • Instruction Fuzzy Hash: D4117C78200700BFD7218B65DD59F277FB9EBD5B92F2081AEF806962A0DB71D804E620
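The FindResourceExW(?, 0000000A, SCRIPT, 00000000) call above looks up an RT_RCDATA (type 10) resource named SCRIPT in the neutral language, and the LoadResource/SizeofResource/LockResource/CreateStreamOnHGlobal sequence wraps that resource in an IStream. That is how the AutoIt3 run-time stub reads its compiled script out of its own executable, so this routine is the concrete evidence that the sample is a compiled AutoIt script. The following Python is an added example, not code from the report, from Joe Sandbox or from AutoIt: it walks a PE .rsrc directory the same way the loader does (type, then name, then language), returns the SCRIPT payload, and builds a constructed .rsrc image so the whole thing runs offline. The RVA 0x5000 and the payload bytes are made up for the demonstration.

```python
"""Statically locate the RT_RCDATA resource named "SCRIPT" inside a PE .rsrc section.

Added example: reproduces the type -> name -> language walk that FindResourceExW
performs at run time, so the embedded AutoIt script can be carved without executing
the sample. The sample .rsrc image built by build_rsrc() is constructed test data.
"""
import struct

RT_RCDATA = 10  # the 0000000A type argument seen in the FindResourceExW call


def _match(key, wanted):
    """Resource names are matched case-insensitively, numeric IDs exactly."""
    if isinstance(key, str) and isinstance(wanted, str):
        return key.upper() == wanted.upper()
    return key == wanted


def _read_dir(rsrc, off):
    """Yield (key, is_subdir, target_offset) for each entry of the IMAGE_RESOURCE_DIRECTORY at off."""
    n_named, n_ids = struct.unpack_from("<HH", rsrc, off + 12)
    pos = off + 16
    for _ in range(n_named + n_ids):
        name, data = struct.unpack_from("<II", rsrc, pos)
        pos += 8
        if name & 0x80000000:
            # Named entry: .rsrc-relative offset of a u16 length followed by UTF-16LE characters.
            s_off = name & 0x7FFFFFFF
            (length,) = struct.unpack_from("<H", rsrc, s_off)
            key = rsrc[s_off + 2 : s_off + 2 + 2 * length].decode("utf-16-le")
        else:
            key = name
        yield key, bool(data & 0x80000000), data & 0x7FFFFFFF


def find_resource(rsrc, rsrc_rva, res_type, res_name):
    """Walk type -> name -> language (first language found, as with language 0) and return the payload."""
    for key, is_dir, off in _read_dir(rsrc, 0):
        if not is_dir or not _match(key, res_type):
            continue
        for key2, is_dir2, off2 in _read_dir(rsrc, off):
            if not is_dir2 or not _match(key2, res_name):
                continue
            for _lang, is_dir3, off3 in _read_dir(rsrc, off2):
                if is_dir3:
                    continue
                # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData is an RVA, not a .rsrc-relative offset.
                data_rva, size = struct.unpack_from("<II", rsrc, off3)
                start = data_rva - rsrc_rva
                if start < 0 or start + size > len(rsrc):
                    raise ValueError("resource data entry points outside .rsrc")
                return rsrc[start : start + size]
    return None


def build_rsrc(rsrc_rva, res_type, res_name, payload):
    """Construct a minimal .rsrc image (one type, one named entry, one language) for offline testing."""
    root, type_dir, name_dir, data_entry, name_str = 0, 24, 48, 72, 88
    name_bytes = res_name.encode("utf-16-le")
    payload_off = (name_str + 2 + len(name_bytes) + 3) & ~3  # 4-byte align the payload
    buf = bytearray(payload_off + len(payload))

    def put_dir(off, n_named, n_ids, entries):
        struct.pack_into("<IIHHHH", buf, off, 0, 0, 0, 0, n_named, n_ids)
        for i, (name, data) in enumerate(entries):
            struct.pack_into("<II", buf, off + 16 + 8 * i, name, data)

    put_dir(root, 0, 1, [(res_type, 0x80000000 | type_dir)])
    put_dir(type_dir, 1, 0, [(0x80000000 | name_str, 0x80000000 | name_dir)])
    put_dir(name_dir, 0, 1, [(0, data_entry)])  # language ID 0 = neutral
    struct.pack_into("<IIII", buf, data_entry, rsrc_rva + payload_off, len(payload), 0, 0)
    struct.pack_into("<H", buf, name_str, len(res_name))
    buf[name_str + 2 : name_str + 2 + len(name_bytes)] = name_bytes
    buf[payload_off:] = payload
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample: a fake .rsrc section mapped at RVA 0x5000 carrying a placeholder script blob.
    blob = build_rsrc(0x5000, RT_RCDATA, "SCRIPT", b"<constructed AutoIt script blob>")
    print(find_resource(blob, 0x5000, RT_RCDATA, "SCRIPT"))
```

On a real sample, pass the raw bytes of the .rsrc section and that section's VirtualAddress from the section table (with pefile, section.get_data() and section.VirtualAddress). What comes back is the AutoIt script container, not readable source; decoding it is a separate step. If the lookup returns None, check the overlay after the last section before concluding the binary is not an AutoIt compile, since some builds store the script there instead.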

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 004C2B6B
                                                                                • Part of subcall function 004C3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00591418,?,004C2E7F,?,?,?,00000000), ref: 004C3A78
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • GetForegroundWindow.USER32(runas,?,?,?,?,?,00582224), ref: 00502C10
                                                                              • ShellExecuteW.SHELL32(00000000,?,?,00582224), ref: 00502C17
                                                                              Similarity
                                                                              • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                              • String ID: runas
                                                                              • API String ID: 448630720-4000483414
                                                                              • Opcode ID: 533a2d3bec970d19a5e2e7f91a8718c8c440ae318ab22ad39afa543642b9f7aa
                                                                              • Instruction ID: 02b61d0d15100cbc98c95d91cc2f9809ab2aecb65a51111fcffad7e629d06e23
                                                                              • Opcode Fuzzy Hash: 533a2d3bec970d19a5e2e7f91a8718c8c440ae318ab22ad39afa543642b9f7aa
                                                                              • Instruction Fuzzy Hash: 7611E7392083416ACB84FF21D955F7E7FA4ABA4745F04442FF446120A2DFA8990AD71A

Control-flow Graph (entry block 52d4dc; block edge list omitted)
                                                                              APIs
                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 0052D501
                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 0052D50F
                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 0052D52F
                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 0052D5DC
                                                                              Similarity
                                                                              • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                              • String ID:
                                                                              • API String ID: 3243318325-0
                                                                              • Opcode ID: be75b828f0e8aa50c94ffd4ec812b725d3e53e61b891a9b684617e868e338199
                                                                              • Instruction ID: d9a01b5a6258f4e605bcaed40871b30180450d2f4050329de82300ba2c9ca151
                                                                              • Opcode Fuzzy Hash: be75b828f0e8aa50c94ffd4ec812b725d3e53e61b891a9b684617e868e338199
                                                                              • Instruction Fuzzy Hash: 5F3170711083009FD300EF54D895EAFBFF8EF9A358F14092DF581861A1EB719948CBA2

Control-flow Graph (entry block 52dbbe; block edge list omitted)
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(?,00505222), ref: 0052DBCE
                                                                              • GetFileAttributesW.KERNEL32(?), ref: 0052DBDD
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0052DBEE
                                                                              • FindClose.KERNEL32(00000000), ref: 0052DBFA
                                                                              Similarity
                                                                              • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                              • String ID:
                                                                              • API String ID: 2695905019-0
                                                                              • Opcode ID: 0e06f15983b5c149be46f3b220b4a6a7f97945f194f96b05603acdb65b6125cf
                                                                              • Instruction ID: 1353282212ab9d5d9b53fda1b0c6fd416ba9c3b7be536413193ee96f07bbe922
                                                                              • Opcode Fuzzy Hash: 0e06f15983b5c149be46f3b220b4a6a7f97945f194f96b05603acdb65b6125cf
                                                                              • Instruction Fuzzy Hash: 00F0A730410B205B82206B78AC0D46A3F7CAF52336B104702F476E10E0EBB06D58D9A5
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(004F28E9,?,004E4CBE,004F28E9,005888B8,0000000C,004E4E15,004F28E9,00000002,00000000,?,004F28E9), ref: 004E4D09
                                                                              • TerminateProcess.KERNEL32(00000000,?,004E4CBE,004F28E9,005888B8,0000000C,004E4E15,004F28E9,00000002,00000000,?,004F28E9), ref: 004E4D10
                                                                              • ExitProcess.KERNEL32 ref: 004E4D22
                                                                              Similarity
                                                                              • API ID: Process$CurrentExitTerminate
                                                                              • String ID:
                                                                              • API String ID: 1703294689-0
                                                                              • Opcode ID: b46aa1faf0bd11362756a5b8a58840b80ee5979bbfd4ead4e940d0e5475e9985
                                                                              • Instruction ID: b4688545a7d2de362ff29a6dab512b239758c657ef3504cdf03906105bdb42df
                                                                              • Opcode Fuzzy Hash: b46aa1faf0bd11362756a5b8a58840b80ee5979bbfd4ead4e940d0e5475e9985
                                                                              • Instruction Fuzzy Hash: 1BE0B631000788AFCF21AF56DD19E593F69EF91787B114459FD05CA223CB39DD46DA84
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: BuffCharUpper
                                                                              • String ID: p#Y
                                                                              • API String ID: 3964851224-128855923
                                                                              • Opcode ID: 0a94c25968aeaa389d6558498b93be6513748091f5db0a37faa6f95c9a981b7e
                                                                              • Instruction ID: 8cd277d18cadd3093de205a694a75e6e48fba892f4aede9e6c5578d4478648de
                                                                              • Opcode Fuzzy Hash: 0a94c25968aeaa389d6558498b93be6513748091f5db0a37faa6f95c9a981b7e
                                                                              • Instruction Fuzzy Hash: C8A27C746083019FD750DF15C4D0B6ABBE1BF89304F14896EE88A8B392D779EC85CB96
                                                                              APIs
                                                                              • GetInputState.USER32 ref: 004CD807
                                                                              • timeGetTime.WINMM ref: 004CDA07
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004CDB28
                                                                              • TranslateMessage.USER32(?), ref: 004CDB7B
                                                                              • DispatchMessageW.USER32(?), ref: 004CDB89
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004CDB9F
                                                                              • Sleep.KERNEL32(0000000A), ref: 004CDBB1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                              • String ID:
                                                                              • API String ID: 2189390790-0
                                                                              • Opcode ID: 28b8f05bfcd487439e091f8365a69d708b154c8c57998ea65b5c8b4b82e765cb
                                                                              • Instruction ID: f64637c9c69ee010df316a0d8e99d00a0a74d4f53fb631be519b22913a44b996
                                                                              • Opcode Fuzzy Hash: 28b8f05bfcd487439e091f8365a69d708b154c8c57998ea65b5c8b4b82e765cb
                                                                              • Instruction Fuzzy Hash: 2C421578A08741EFE764CF24C844FAABBE0BF85304F14456EE45687391D778E894CB9A

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 004C2D07
                                                                              • RegisterClassExW.USER32(00000030), ref: 004C2D31
                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004C2D42
                                                                              • InitCommonControlsEx.COMCTL32(?), ref: 004C2D5F
                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004C2D6F
                                                                              • LoadIconW.USER32(000000A9), ref: 004C2D85
                                                                              • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004C2D94
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                              • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                              • API String ID: 2914291525-1005189915
                                                                              • Opcode ID: add2ef34fc1cb382ab42baf4ce721c40beeb888b91fe36e022f8598fb5d62b21
                                                                              • Instruction ID: 594fa68335444a638df933bcf5d352eecbc11edc52a9a0c95601c9ccfa3b1373
                                                                              • Opcode Fuzzy Hash: add2ef34fc1cb382ab42baf4ce721c40beeb888b91fe36e022f8598fb5d62b21
                                                                              • Instruction Fuzzy Hash: F521E0B1911329AFDB00DFA4EC99BDDBFB4FB18702F00811AF911A62A0D7B10548EF94

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 0050039A: CreateFileW.KERNEL32(00000000,00000000,?,00500704,?,?,00000000,?,00500704,00000000,0000000C), ref: 005003B7
                                                                              • GetLastError.KERNEL32 ref: 0050076F
                                                                              • __dosmaperr.LIBCMT ref: 00500776
                                                                              • GetFileType.KERNEL32(00000000), ref: 00500782
                                                                              • GetLastError.KERNEL32 ref: 0050078C
                                                                              • __dosmaperr.LIBCMT ref: 00500795
                                                                              • CloseHandle.KERNEL32(00000000), ref: 005007B5
                                                                              • CloseHandle.KERNEL32(?), ref: 005008FF
                                                                              • GetLastError.KERNEL32 ref: 00500931
                                                                              • __dosmaperr.LIBCMT ref: 00500938
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                              • String ID: H
                                                                              • API String ID: 4237864984-2852464175
                                                                              • Opcode ID: 90834d142116d004ff316bbc26aa0e2f7f751b55136e032d32217d362096af06
                                                                              • Instruction ID: 53de677b9b063b2859e243cbafd8cea1adcc5f8dd56537f47be56fae49c74057
                                                                              • Opcode Fuzzy Hash: 90834d142116d004ff316bbc26aa0e2f7f751b55136e032d32217d362096af06
                                                                              • Instruction Fuzzy Hash: 12A14332A002488FDF19AF68D851BAE3FA0FB06324F14119EF815AF2D1DB359D16DB91

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 004C3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00591418,?,004C2E7F,?,?,?,00000000), ref: 004C3A78
                                                                                • Part of subcall function 004C3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 004C3379
                                                                              • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 004C356A
                                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0050318D
                                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 005031CE
                                                                              • RegCloseKey.ADVAPI32(?), ref: 00503210
                                                                              • _wcslen.LIBCMT ref: 00503277
                                                                              • _wcslen.LIBCMT ref: 00503286
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                              • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                              • API String ID: 98802146-2727554177
                                                                              • Opcode ID: ef7cf34e2168374d560dee349514e809d43a59afe6ecb86dc36ca0320045393e
                                                                              • Instruction ID: 512590cf71eebab4a342765a311caea4d9ea14e149b867fb337834f3149905ac
                                                                              • Opcode Fuzzy Hash: ef7cf34e2168374d560dee349514e809d43a59afe6ecb86dc36ca0320045393e
                                                                              • Instruction Fuzzy Hash: 5F718C75404301AEC314EF26EC969ABBBE8FFA5344F41092FF445831A0EB349A4CCB66

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 004C2B8E
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 004C2B9D
                                                                              • LoadIconW.USER32(00000063), ref: 004C2BB3
                                                                              • LoadIconW.USER32(000000A4), ref: 004C2BC5
                                                                              • LoadIconW.USER32(000000A2), ref: 004C2BD7
                                                                              • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 004C2BEF
                                                                              • RegisterClassExW.USER32(?), ref: 004C2C40
                                                                                • Part of subcall function 004C2CD4: GetSysColorBrush.USER32(0000000F), ref: 004C2D07
                                                                                • Part of subcall function 004C2CD4: RegisterClassExW.USER32(00000030), ref: 004C2D31
                                                                                • Part of subcall function 004C2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004C2D42
                                                                                • Part of subcall function 004C2CD4: InitCommonControlsEx.COMCTL32(?), ref: 004C2D5F
                                                                                • Part of subcall function 004C2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004C2D6F
                                                                                • Part of subcall function 004C2CD4: LoadIconW.USER32(000000A9), ref: 004C2D85
                                                                                • Part of subcall function 004C2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004C2D94
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                              • String ID: #$0$AutoIt v3
                                                                              • API String ID: 423443420-4155596026
                                                                              • Opcode ID: 0e9b90cb479a3fd0f9cd315c8e36230d7f66882b259d01617a667164959de487
                                                                              • Instruction ID: 6778d52ed4bc84169242d6fe4973da1bb2727e908cf2b2078dbe4410f2c0997c
                                                                              • Opcode Fuzzy Hash: 0e9b90cb479a3fd0f9cd315c8e36230d7f66882b259d01617a667164959de487
                                                                              • Instruction Fuzzy Hash: 0C218B70E10329AFCB109FA6EC54BAD7FB4FB18B41F01041BF504A26A0D3B10508EF88

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,004C316A,?,?), ref: 004C31D8
                                                                              • KillTimer.USER32(?,00000001,?,?,?,?,?,004C316A,?,?), ref: 004C3204
                                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004C3227
                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,004C316A,?,?), ref: 004C3232
                                                                              • CreatePopupMenu.USER32 ref: 004C3246
                                                                              • PostQuitMessage.USER32(00000000), ref: 004C3267
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                              • String ID: TaskbarCreated
                                                                              • API String ID: 129472671-2362178303
                                                                              • Opcode ID: 68e0b19935c1f2d0794f867b5472fcc17352b93b8c3b4e342c4261a29281eece
                                                                              • Instruction ID: bdd18206c587133fe4fd0654438d2eed286c8e98857aaec8d36d7562ce7f964b
                                                                              • Opcode Fuzzy Hash: 68e0b19935c1f2d0794f867b5472fcc17352b93b8c3b4e342c4261a29281eece
                                                                              • Instruction Fuzzy Hash: D841353D250211AEDF551F789C1EFBE3E68FB15346F08811FF502852E1CB689E05AA6E

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 004C1459
                                                                              • OleUninitialize.OLE32(?,00000000), ref: 004C14F8
                                                                              • UnregisterHotKey.USER32(?), ref: 004C16DD
                                                                              • DestroyWindow.USER32(?), ref: 005024B9
                                                                              • FreeLibrary.KERNEL32(?), ref: 0050251E
                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0050254B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                              • String ID: close all
                                                                              • API String ID: 469580280-3243417748

                                                                              Control-flow Graph (graph image omitted): single block 4c2c63-4c2cd3 calling CreateWindowExW twice and ShowWindow twice
                                                                              APIs
                                                                              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 004C2C91
                                                                              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 004C2CB2
                                                                              • ShowWindow.USER32(00000000,?,?,?,?,?,?,004C1CAD,?), ref: 004C2CC6
                                                                              • ShowWindow.USER32(00000000,?,?,?,?,?,?,004C1CAD,?), ref: 004C2CCF
                                                                              Similarity
                                                                              • API ID: Window$CreateShow
                                                                              • String ID: AutoIt v3$edit
                                                                              • API String ID: 1584632944-3779509399

                                                                              Control-flow Graph (graph image omitted): function starting at 54ad64, with blocks calling ShellExecuteExW, GetProcessId and CloseHandle
                                                                              APIs
                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 0054AEA3
                                                                                • Part of subcall function 004C7620: _wcslen.LIBCMT ref: 004C7625
                                                                              • GetProcessId.KERNEL32(00000000), ref: 0054AF38
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0054AF67
                                                                              Similarity
                                                                              • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                              • String ID: <$@
                                                                              • API String ID: 146682121-1426351568

                                                                              Control-flow Graph (graph image omitted): function starting at 4c3b1c, with blocks calling RegOpenKeyExW, RegQueryValueExW and RegCloseKey
                                                                              APIs
                                                                              • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,004C3B0F,SwapMouseButtons,00000004,?), ref: 004C3B40
                                                                              • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,004C3B0F,SwapMouseButtons,00000004,?), ref: 004C3B61
                                                                              • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,004C3B0F,SwapMouseButtons,00000004,?), ref: 004C3B83
                                                                              Similarity
                                                                              • API ID: CloseOpenQueryValue
                                                                              • String ID: Control Panel\Mouse
                                                                              • API String ID: 3677997916-824357125
                                                                              APIs
                                                                              • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 005033A2
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 004C3A04
                                                                              Similarity
                                                                              • API ID: IconLoadNotifyShell_String_wcslen
                                                                              • String ID: Line:
                                                                              • API String ID: 2289894680-1585850449
                                                                              APIs
                                                                              • GetOpenFileNameW.COMDLG32(?), ref: 00502C8C
                                                                                • Part of subcall function 004C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004C3A97,?,?,004C2E7F,?,?,?,00000000), ref: 004C3AC2
                                                                                • Part of subcall function 004C2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004C2DC4
                                                                              Similarity
                                                                              • API ID: Name$Path$FileFullLongOpen
                                                                              • String ID: X$`eX
                                                                              • API String ID: 779396738-3573335674
                                                                              APIs
                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 004E0668
                                                                                • Part of subcall function 004E32A4: RaiseException.KERNEL32(?,?,?,004E068A,?,00591444,?,?,?,?,?,?,004E068A,004C1129,00588738,004C1129), ref: 004E3304
                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 004E0685
                                                                              Similarity
                                                                              • API ID: Exception@8Throw$ExceptionRaise
                                                                              • String ID: Unknown exception
                                                                              • API String ID: 3476068407-410509341
                                                                              APIs
                                                                                • Part of subcall function 004C1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 004C1BF4
                                                                                • Part of subcall function 004C1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 004C1BFC
                                                                                • Part of subcall function 004C1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 004C1C07
                                                                                • Part of subcall function 004C1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 004C1C12
                                                                                • Part of subcall function 004C1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 004C1C1A
                                                                                • Part of subcall function 004C1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 004C1C22
                                                                                • Part of subcall function 004C1B4A: RegisterWindowMessageW.USER32(00000004,?,004C12C4), ref: 004C1BA2
                                                                              • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 004C136A
                                                                              • OleInitialize.OLE32 ref: 004C1388
                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 005024AB
                                                                              Similarity
                                                                              • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                              • String ID:
                                                                              • API String ID: 1986988660-0
                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,004F85CC,?,00588CC8,0000000C), ref: 004F8704
                                                                              • GetLastError.KERNEL32(?,004F85CC,?,00588CC8,0000000C), ref: 004F870E
                                                                              • __dosmaperr.LIBCMT ref: 004F8739
                                                                              Similarity
                                                                              • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                              • String ID:
                                                                              • API String ID: 490808831-0
                                                                              • Opcode ID: eaca3f8520b0072eb1159477b4b3c8b8d16b124cfaf113dc415f6a6286387012
                                                                              • Instruction ID: 7a989f564c9b54fbec93a49b6b16cce87002e0c501e257a9c909fe6f62e7c91a
                                                                              • Opcode Fuzzy Hash: eaca3f8520b0072eb1159477b4b3c8b8d16b124cfaf113dc415f6a6286387012
                                                                              • Instruction Fuzzy Hash: 3A016B33604A281AE2206239684977F2B994B9277DF3A011FFF04CF2D2DEAC8C81815C
                                                                              APIs
                                                                              • __Init_thread_footer.LIBCMT ref: 004D17F6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Init_thread_footer
                                                                              • String ID: CALL
                                                                              • API String ID: 1385522511-4196123274
                                                                              • Opcode ID: 8d4bfc2f00ab21d1a6f4a172a8af594cc95f142ae55c2ab0d4f1a501a226411e
                                                                              • Instruction ID: 69c18633eb1364986b3038c6b7a6ea4fba567cfb81d0b4c58ad58b7cf43646b1
                                                                              • Opcode Fuzzy Hash: 8d4bfc2f00ab21d1a6f4a172a8af594cc95f142ae55c2ab0d4f1a501a226411e
                                                                              • Instruction Fuzzy Hash: 5622AB70608201AFD714DF15C4A4B2ABBF1BF89314F14895FF8968B361D739E885CB96
                                                                              APIs
                                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 004C3908
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: IconNotifyShell_
                                                                              • String ID:
                                                                              • API String ID: 1144537725-0
                                                                              • Opcode ID: 33ef8252564c4e317adfc5dea6c5a05b85c6460754ae18bce2943737b2bb84cb
                                                                              • Instruction ID: 75cda2794b839d0e66e5e4d4383db5944a9e9cf08bdf73a9ad7fbaf03d1e3ae9
                                                                              • Opcode Fuzzy Hash: 33ef8252564c4e317adfc5dea6c5a05b85c6460754ae18bce2943737b2bb84cb
                                                                              • Instruction Fuzzy Hash: 5231A0745047018FD760EF24D885B9BBBF8FB59309F00092FF59983240E775AA48CB5A
                                                                              APIs
                                                                                • Part of subcall function 004C4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,004C4EDD,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E9C
                                                                                • Part of subcall function 004C4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004C4EAE
                                                                                • Part of subcall function 004C4E90: FreeLibrary.KERNEL32(00000000,?,?,004C4EDD,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4EC0
                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4EFD
                                                                                • Part of subcall function 004C4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00503CDE,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E62
                                                                                • Part of subcall function 004C4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004C4E74
                                                                                • Part of subcall function 004C4E59: FreeLibrary.KERNEL32(00000000,?,?,00503CDE,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E87
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Library$Load$AddressFreeProc
                                                                              • String ID:
                                                                              • API String ID: 2632591731-0
                                                                              • Opcode ID: 031dc796cdea6dec9d9a971ff15883ca7aff04532a728be0091e294c9c53e2f2
                                                                              • Instruction ID: d2576109f8d559af7f47a63cbdaca8102c1d9bba040c22bcc397d657d99eb64b
                                                                              • Opcode Fuzzy Hash: 031dc796cdea6dec9d9a971ff15883ca7aff04532a728be0091e294c9c53e2f2
                                                                              • Instruction Fuzzy Hash: AF117A35600301AACF10FF62DD22FAD7BA4AF80714F10842FF042A61C1EE78AE059758
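The records in this report are a flat text dump of per-function analysis, and the one just above is the kind a triager wants to pull out quickly: a helper at 004C4E90 resolves Wow64DisableWow64FsRedirection by name, the function then calls LoadLibraryExW with a third argument of 00000002 (LOAD_LIBRARY_AS_DATAFILE), and a helper at 004C4E59 resolves Wow64RevertWow64FsRedirection. The Python below is an added example, not part of the report or of Joe Sandbox's own tooling. It parses a constructed sample built from three records on this page, rebuilds the Similarity "API ID" field with a token rule inferred from those records (an assumption, not Joe Sandbox's documented algorithm), and flags the GetProcAddress / LoadLibraryExW pattern. Treating the third listed LoadLibraryExW value as dwFlags follows the Windows prototype and is likewise an assumption about how the report prints stack arguments.

```python
import re
from collections import Counter

# Constructed sample: the "APIs" entries and "API ID" line of three records
# copied from this report (the other record fields are omitted here).
SAMPLE = """\
APIs
• FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,004F85CC,?,00588CC8,0000000C), ref: 004F8704
• GetLastError.KERNEL32(?,004F85CC,?,00588CC8,0000000C), ref: 004F870E
• __dosmaperr.LIBCMT ref: 004F8739
Similarity
• API ID: ChangeCloseErrorFindLastNotification__dosmaperr
APIs
  • Part of subcall function 004C4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,004C4EDD,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E9C
  • Part of subcall function 004C4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004C4EAE
  • Part of subcall function 004C4E90: FreeLibrary.KERNEL32(00000000,?,?,004C4EDD,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4EFD
  • Part of subcall function 004C4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00503CDE,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E62
  • Part of subcall function 004C4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004C4E74
  • Part of subcall function 004C4E59: FreeLibrary.KERNEL32(00000000,?,?,00503CDE,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E87
Similarity
• API ID: Library$Load$AddressFreeProc
APIs
  • Part of subcall function 004C3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 004C3908
  • Part of subcall function 004CD730: GetInputState.USER32 ref: 004CD807
• SetCurrentDirectoryW.KERNEL32(?), ref: 004C2B6B
  • Part of subcall function 004C30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 004C314E
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
"""

# One API entry: optional "Part of subcall function XXXX:", Name.MODULE,
# optional "(args)," and the "ref:" address. CRT entries have no argument list.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-F]+)\s*$"
)
API_ID_LINE = re.compile(r"^\s*•\s*API ID:\s*(?P<id>\S*)\s*$")

def parse_records(text):
    """Split report text into records: each a dict with the parsed API calls
    and the API ID string the report printed for that function."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = {"calls": [], "api_id": ""}
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m.group("args")
            current["calls"].append({
                "name": m.group("name"),
                "module": m.group("module"),
                "args": args.split(",") if args is not None else [],
                "ref": int(m.group("ref"), 16),
                "subcall": m.group("sub"),  # None for the function's own calls
            })
            continue
        m = API_ID_LINE.match(line)
        if m:
            current["api_id"] = m.group("id")
    return records

# Token rule inferred from the records on this page (assumption): split names
# at capitals, drop Get/Set/Rtl prefixes and A/W/Ex suffixes, keep lowercase
# CRT names such as __dosmaperr whole.
DROP = {"Get", "Set", "Rtl", "A", "W", "Ex"}

def api_tokens(name):
    if re.search(r"[A-Z]", name):
        return [t for t in re.findall(r"[A-Z][^A-Z]*", name) if t not in DROP]
    return [name]

def api_id(calls):
    """Rebuild the Similarity 'API ID': tokens grouped by descending count,
    groups joined with '$', each group sorted and concatenated."""
    counts = Counter(t for c in calls for t in api_tokens(c["name"]))
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))

LOAD_LIBRARY_AS_DATAFILE = 0x2  # dwFlags bit, taken from the Windows SDK value

def triage(records):
    """Flag Wow64 FS-redirection APIs resolved by name and LoadLibraryExW
    calls whose listed dwFlags (third value, assumed) include AS_DATAFILE."""
    hits = []
    for rec in records:
        for c in rec["calls"]:
            a = c["args"]
            if c["name"] == "GetProcAddress" and len(a) > 1 and a[1].startswith("Wow64"):
                hits.append((c["ref"], "resolves " + a[1]))
            if c["name"] == "LoadLibraryExW" and len(a) > 2 and a[2] != "?":
                if int(a[2], 16) & LOAD_LIBRARY_AS_DATAFILE:
                    hits.append((c["ref"], "LoadLibraryExW with LOAD_LIBRARY_AS_DATAFILE"))
    return hits

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for rec in recs:
        print(api_id(rec["calls"]), "==", rec["api_id"])
    for ref, note in triage(recs):
        print(f"{ref:08X}: {note}")
```

Run against the full report text, parse_records gives one dict per "APIs" block, so the same triage loop can sweep every function record rather than the three copied here; a record with no API entries yields an empty API ID, matching the empty Similarity fields the report prints for such functions.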
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: __wsopen_s
                                                                              • String ID:
                                                                              • API String ID: 3347428461-0
                                                                              • Opcode ID: 81acaafb338800956aef6cb2d1d5fcdb2299e984e1c1d552a66cb218e67a22a1
                                                                              • Instruction ID: 21b2fa5841320fc27a18a3f2617a3e4d7128827f92e3a5c8b829f0bb13777f22
                                                                              • Opcode Fuzzy Hash: 81acaafb338800956aef6cb2d1d5fcdb2299e984e1c1d552a66cb218e67a22a1
                                                                              • Instruction Fuzzy Hash: 2211367190410AAFCB05DF58E9419AF7BF5EF48304F14405AF908AB352EA30DA118BA9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                              • Instruction ID: abf3b4b21cf70baf7ae9ac8304927dd213d0c725b2076980137b1e46972bc972
                                                                              • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                              • Instruction Fuzzy Hash: EAF0F932911A54D6D6313A779C05B6733989F6233AF100B1FF620972D2DF7CD40685AD
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00591444,?,004DFDF5,?,?,004CA976,00000010,00591440,004C13FC,?,004C13C6,?,004C1129), ref: 004F3852
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: cd14b101fb0fd7cb13dad0942b1d4460d94953f73194946a2e7b3fc900ae657f
                                                                              • Instruction ID: 8390cb30a7550ebbab035e3d3dc4ddb2f1cb4d087fe772dde1733aad2d62a85b
                                                                              • Opcode Fuzzy Hash: cd14b101fb0fd7cb13dad0942b1d4460d94953f73194946a2e7b3fc900ae657f
                                                                              • Instruction Fuzzy Hash: BDE0A031100668A6D6213E779D00BAB37C8AB827F3B050027BE44926C0DB1D9D0191AD
                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(?,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4F6D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID:
                                                                              • API String ID: 3664257935-0
                                                                              • Opcode ID: b73839786054496486f4e7cb55f504822474ef014c742ca9c927114694685a14
                                                                              • Instruction ID: 6bb4d0f6ab606a88354ca8d1d9945a991d2a9929a0ec40805cba0fa78c4e1120
                                                                              • Opcode Fuzzy Hash: b73839786054496486f4e7cb55f504822474ef014c742ca9c927114694685a14
                                                                              • Instruction Fuzzy Hash: 6DF0A074005741CFDB748F21D5A0E12BBE0AF54319310897FE1DA82610C7359844DF18
                                                                              APIs
                                                                              • Shell_NotifyIconW.SHELL32(00000002,?), ref: 004C314E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: IconNotifyShell_
                                                                              • String ID:
                                                                              • API String ID: 1144537725-0
                                                                              • Opcode ID: 41aaeecf5c13aee3cd504edd40aff1db04191cabc310b477a5d7291fafa9503a
                                                                              • Instruction ID: 79096be593419fd13fbb62a32dafaf1949d09547de151091b058325e06738e0e
                                                                              • Opcode Fuzzy Hash: 41aaeecf5c13aee3cd504edd40aff1db04191cabc310b477a5d7291fafa9503a
                                                                              • Instruction Fuzzy Hash: 20F0A7709003149FEB529F24DC46BD67BBCA70170CF0001EAA54896281DB744B8CCF45
                                                                              APIs
                                                                              • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 004C2DC4
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LongNamePath_wcslen
                                                                              • String ID:
                                                                              • API String ID: 541455249-0
                                                                              • Opcode ID: 68a914138dfa74c69ef60d84138b0a5b6157d386b60c7bcc3ec0d5276327de22
                                                                              • Instruction ID: 9cecb9f710bee6ccc639701a24fe82802adedd7dc74c8a0ee48f5bf3dc998000
                                                                              • Opcode Fuzzy Hash: 68a914138dfa74c69ef60d84138b0a5b6157d386b60c7bcc3ec0d5276327de22
                                                                              • Instruction Fuzzy Hash: BEE0CD766002245BC710D2589C05FDA77DDDFC8790F054075FD09E7248D964BD848555
                                                                              APIs
                                                                                • Part of subcall function 004C3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 004C3908
                                                                                • Part of subcall function 004CD730: GetInputState.USER32 ref: 004CD807
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 004C2B6B
                                                                                • Part of subcall function 004C30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 004C314E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                              • String ID:
                                                                              • API String ID: 3667716007-0
                                                                              • Opcode ID: c7fc084338a680d9e151955d3eae2ec520314a75c76fd7d02adcc50042c0ff2a
                                                                              • Instruction ID: b370946c8d0de7ba395dcab304dbbc6e3ab07fdc1844acc69896201b698ce221
                                                                              • Opcode Fuzzy Hash: c7fc084338a680d9e151955d3eae2ec520314a75c76fd7d02adcc50042c0ff2a
                                                                              • Instruction Fuzzy Hash: B8E0262A30030506CE84BF329816F7DB7899BE535AF00543FF04643162CF6C494A426D
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(00000000,00000000,?,00500704,?,?,00000000,?,00500704,00000000,0000000C), ref: 005003B7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: e690a6e22498297c106cc317fb088cfe3dd27a0ad28fb0d08369d43dbe3b0b43
                                                                              • Instruction ID: abb2406fd43e9555f829376dd8bba8af0c7ae25c4cf0102a26b600483d3e4155
                                                                              • Opcode Fuzzy Hash: e690a6e22498297c106cc317fb088cfe3dd27a0ad28fb0d08369d43dbe3b0b43
                                                                              • Instruction Fuzzy Hash: A8D06C3204020DBFDF028F84DD06EDA3FAAFB48714F014000BE1856020C732E821EB90
                                                                              APIs
                                                                              • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 004C1CBC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InfoParametersSystem
                                                                              • String ID:
                                                                              • API String ID: 3098949447-0
                                                                              • Opcode ID: dcecca9f4bb68ddaf287dc7e69c884e534d3a29cd2d6990c66ca8b7b09320e46
                                                                              • Instruction ID: 5474e6b87550ed8889f7810d9f64d4f50eb2ccf85c4186c2145b7b88397816dc
                                                                              • Opcode Fuzzy Hash: dcecca9f4bb68ddaf287dc7e69c884e534d3a29cd2d6990c66ca8b7b09320e46
                                                                              • Instruction Fuzzy Hash: 8AC0923A280305AFF2148BD0BC5AF107B64A368B02F468402F60DA95E3D3B22828FA54
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0055961A
                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0055965B
                                                                              • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0055969F
                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005596C9
                                                                              • SendMessageW.USER32 ref: 005596F2
                                                                              • GetKeyState.USER32(00000011), ref: 0055978B
                                                                              • GetKeyState.USER32(00000009), ref: 00559798
                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 005597AE
                                                                              • GetKeyState.USER32(00000010), ref: 005597B8
                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 005597E9
                                                                              • SendMessageW.USER32 ref: 00559810
                                                                              • SendMessageW.USER32(?,00001030,?,00557E95), ref: 00559918
                                                                              • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0055992E
                                                                              • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00559941
                                                                              • SetCapture.USER32(?), ref: 0055994A
                                                                              • ClientToScreen.USER32(?,?), ref: 005599AF
                                                                              • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 005599BC
                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005599D6
                                                                              • ReleaseCapture.USER32 ref: 005599E1
                                                                              • GetCursorPos.USER32(?), ref: 00559A19
                                                                              • ScreenToClient.USER32(?,?), ref: 00559A26
                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 00559A80
                                                                              • SendMessageW.USER32 ref: 00559AAE
                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00559AEB
                                                                              • SendMessageW.USER32 ref: 00559B1A
                                                                              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00559B3B
                                                                              • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00559B4A
                                                                              • GetCursorPos.USER32(?), ref: 00559B68
                                                                              • ScreenToClient.USER32(?,?), ref: 00559B75
                                                                              • GetParent.USER32(?), ref: 00559B93
                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 00559BFA
                                                                              • SendMessageW.USER32 ref: 00559C2B
                                                                              • ClientToScreen.USER32(?,?), ref: 00559C84
                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00559CB4
                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00559CDE
                                                                              • SendMessageW.USER32 ref: 00559D01
                                                                              • ClientToScreen.USER32(?,?), ref: 00559D4E
                                                                              • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00559D82
                                                                                • Part of subcall function 004D9944: GetWindowLongW.USER32(?,000000EB), ref: 004D9952
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00559E05
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                              • String ID: @GUI_DRAGID$F$p#Y
                                                                              • API String ID: 3429851547-4190006493
                                                                              • Opcode ID: 1b8b5f7bc5272ba74e73f37310fd9dc91a15619fe0dd1364a9c593188a6c4dd8
                                                                              • Instruction ID: d546af89e0964798e07a87ebfd43bd2782692cdb24171930eb659c90a598ccd4
                                                                              • Opcode Fuzzy Hash: 1b8b5f7bc5272ba74e73f37310fd9dc91a15619fe0dd1364a9c593188a6c4dd8
                                                                              • Instruction Fuzzy Hash: 79429E34204301EFDB21CF28CD64AAABFE5FF49315F140A1EF9598B2A1D735A958EB41
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 005548F3
                                                                              • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00554908
                                                                              • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00554927
                                                                              • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0055494B
                                                                              • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0055495C
                                                                              • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0055497B
                                                                              • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 005549AE
                                                                              • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 005549D4
                                                                              • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00554A0F
                                                                              • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00554A56
                                                                              • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00554A7E
                                                                              • IsMenu.USER32(?), ref: 00554A97
                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00554AF2
                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00554B20
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00554B94
                                                                              • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00554BE3
                                                                              • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00554C82
                                                                              • wsprintfW.USER32 ref: 00554CAE
                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00554CC9
                                                                              • GetWindowTextW.USER32(?,00000000,00000001), ref: 00554CF1
                                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00554D13
                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00554D33
                                                                              • GetWindowTextW.USER32(?,00000000,00000001), ref: 00554D5A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                              • String ID: %d/%02d/%02d
                                                                              • API String ID: 4054740463-328681919
                                                                              • Opcode ID: e6c29a4cee950e6a35a7871bf82f907720bb99871063540337f962b897369d6b
                                                                              • Instruction ID: 0e16566e9bf6e500161c485cc68555c4c7bcfcf2632b8518e4782edfc23770c5
                                                                              • Opcode Fuzzy Hash: e6c29a4cee950e6a35a7871bf82f907720bb99871063540337f962b897369d6b
                                                                              • Instruction Fuzzy Hash: 4112DF71600314ABEB248F29CC59FAE7FB8FF4531AF10451AF916DA2A1D7749A88CF50
                                                                              APIs
                                                                              • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 004DF998
                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0051F474
                                                                              • IsIconic.USER32(00000000), ref: 0051F47D
                                                                              • ShowWindow.USER32(00000000,00000009), ref: 0051F48A
                                                                              • SetForegroundWindow.USER32(00000000), ref: 0051F494
                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0051F4AA
                                                                              • GetCurrentThreadId.KERNEL32 ref: 0051F4B1
                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0051F4BD
                                                                              • AttachThreadInput.USER32(?,00000000,00000001), ref: 0051F4CE
                                                                              • AttachThreadInput.USER32(?,00000000,00000001), ref: 0051F4D6
                                                                              • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0051F4DE
                                                                              • SetForegroundWindow.USER32(00000000), ref: 0051F4E1
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0051F4F6
                                                                              • keybd_event.USER32(00000012,00000000), ref: 0051F501
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0051F50B
                                                                              • keybd_event.USER32(00000012,00000000), ref: 0051F510
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0051F519
                                                                              • keybd_event.USER32(00000012,00000000), ref: 0051F51E
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0051F528
                                                                              • keybd_event.USER32(00000012,00000000), ref: 0051F52D
                                                                              • SetForegroundWindow.USER32(00000000), ref: 0051F530
                                                                              • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0051F557
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                              • String ID: Shell_TrayWnd
                                                                              • API String ID: 4125248594-2988720461
                                                                              • Opcode ID: f235d505330c3a37be34659bb82f5b29af302989ecfd8196b181471e65e318f6
                                                                              • Instruction ID: 60c2122bf8ef54f4bee02fb6a2e759ecab932665e4cbdb2e2cb4cd9ae4aa46d5
                                                                              • Opcode Fuzzy Hash: f235d505330c3a37be34659bb82f5b29af302989ecfd8196b181471e65e318f6
                                                                              • Instruction Fuzzy Hash: 09314C71A40318BFFB216BB55C4AFBF7E6DEB44B51F110066FA01E61D1D6B05D40ABA0
                                                                              APIs
                                                                                • Part of subcall function 005216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0052170D
                                                                                • Part of subcall function 005216C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0052173A
                                                                                • Part of subcall function 005216C3: GetLastError.KERNEL32 ref: 0052174A
                                                                              • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00521286
                                                                              • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 005212A8
                                                                              • CloseHandle.KERNEL32(?), ref: 005212B9
                                                                              • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 005212D1
                                                                              • GetProcessWindowStation.USER32 ref: 005212EA
                                                                              • SetProcessWindowStation.USER32(00000000), ref: 005212F4
                                                                              • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00521310
                                                                                • Part of subcall function 005210BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005211FC), ref: 005210D4
                                                                                • Part of subcall function 005210BF: CloseHandle.KERNEL32(?,?,005211FC), ref: 005210E9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                              • String ID: $default$winsta0$ZX
                                                                              • API String ID: 22674027-2524630618
                                                                              • Opcode ID: ba4fe32d009ad66fa7877613aee860c51a37845932cd184148eb458cea0b2386
                                                                              • Instruction ID: ccd3990eb294579eef163dd46910ba768143f8c949c48706354f39b007b71a4d
                                                                              • Opcode Fuzzy Hash: ba4fe32d009ad66fa7877613aee860c51a37845932cd184148eb458cea0b2386
                                                                              • Instruction Fuzzy Hash: BB818771900319AFDF20AFA4EC49BAF7FB9FF19705F144129F915A61A0D7318A44CBA8
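Three of the function records in this listing are worth reading together rather than API by API: the AttachThreadInput / keybd_event / SetForegroundWindow record (the standard trick for defeating foreground-window locking), the LogonUserW / DuplicateTokenEx / OpenWindowStationW("winsta0") / OpenDesktopW("default") record directly above, and the GetUserObjectSecurity / AddAce / SetUserObjectSecurity record that follows it. The last two are the textbook MSDN pattern for starting an interactive process under another user: open the window station and desktop with WRITE_DAC, add ACEs granting the new logon SID access, then create the process with the duplicated primary token. The helper below is an added example (not Joe Sandbox code and not code from the analysed binary): it parses the `• Api.MODULE(args), ref: addr` lines exactly as they are printed here, including the indented "Part of subcall function" lines, matches ordered call sequences against a few patterns, and decodes the dwDesiredAccess argument of the OpenWindowStation/OpenDesktop calls to check for WRITE_DAC. The signature names are labels chosen for this example, and the sample text is an abridged transcription of the records on this page.

```python
# Added example (not Joe Sandbox code, not the analysed binary): triage helper
# that parses the per-function API lines of this listing and flags ordered call
# sequences matching well-known Win32 patterns. Signature names are labels
# chosen for this example, not Joe Sandbox signature names.
import re
from dataclasses import dataclass
from typing import Optional

# '• Api.MODULE(args), ref: addr'; subcall lines carry a 'Part of subcall function X:' prefix
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
API_ID_LINE = re.compile(r"^\s*•\s*API ID:\s*(?P<label>\S+)")
WRITE_DAC = 0x00040000  # standard access right: holder may rewrite the object's DACL


@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: str
    subcall: Optional[str]  # callee address when reported as 'Part of subcall'


def parse_records(text: str) -> list:
    """Split the listing at each 'APIs' header; return [{'label', 'calls'}, ...]."""
    records = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            records.append({"label": "", "calls": []})
        elif records and (m := API_LINE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            records[-1]["calls"].append(Call(m["api"], m["mod"], args, m["ref"], m["sub"]))
        elif records and (m := API_ID_LINE.match(line)):
            records[-1]["label"] = m["label"]
    return records


# Each step is a tuple of acceptable API names; unrelated calls may sit between steps.
SIGNATURES = {
    # MSDN 'start an interactive client process as another user' pattern
    "logon_as_other_user_interactive": (("LogonUserW", "LogonUserA"), ("DuplicateTokenEx",),
                                        ("OpenWindowStationW",), ("OpenDesktopW",)),
    # grant the new logon SID access to winsta0 / the default desktop
    "winsta_desktop_dacl_grant": (("GetUserObjectSecurity",), ("AddAce",),
                                  ("SetSecurityDescriptorDacl",), ("SetUserObjectSecurity",)),
    # AttachThreadInput plus a synthetic keystroke to defeat foreground-window locking
    "force_foreground_window": (("AttachThreadInput",), ("keybd_event",), ("SetForegroundWindow",)),
    "token_privilege_adjust": (("LookupPrivilegeValueW", "LookupPrivilegeValueA"),
                               ("AdjustTokenPrivileges",)),
}


def matches_sequence(calls, steps) -> bool:
    """Ordered-subsequence match over a record's calls (subcall lines included)."""
    i = 0
    for c in calls:
        if c.api in steps[i]:
            i += 1
            if i == len(steps):
                return True
    return False


def requests_write_dac(calls) -> bool:
    """True if winsta0 or a desktop is opened with WRITE_DAC, i.e. the function
    means to edit that object's DACL rather than merely use it. '?' args are skipped."""
    access_arg = {"OpenWindowStationW": 2, "OpenDesktopW": 3}  # dwDesiredAccess position
    for c in calls:
        idx = access_arg.get(c.api)
        if idx is not None and idx < len(c.args) and re.fullmatch(r"[0-9A-Fa-f]+", c.args[idx]):
            if int(c.args[idx], 16) & WRITE_DAC:
                return True
    return False


def triage(text: str) -> dict:
    """Map each record (keyed by the ref of its first direct call) to its findings."""
    out = {}
    for rec in parse_records(text):
        calls = rec["calls"]
        if calls:
            key = next((c.ref for c in calls if c.subcall is None), calls[0].ref)
            out[key] = {"label": rec["label"],
                        "hits": [n for n, s in SIGNATURES.items() if matches_sequence(calls, s)],
                        "write_dac": requests_write_dac(calls)}
    return out


# Constructed sample: three records transcribed (abridged) from this listing.
SAMPLE = """\
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0051F474
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0051F4CE
• keybd_event.USER32(00000012,00000000), ref: 0051F501
• SetForegroundWindow.USER32(00000000), ref: 0051F530
APIs
  • Part of subcall function 005216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0052170D
  • Part of subcall function 005216C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0052173A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00521286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 005212A8
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 005212D1
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00521310
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
APIs
  • Part of subcall function 005210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00521114
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00520BCC
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00520C6D
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00520D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00520D1E
"""
```

Running `triage(SAMPLE)` flags the first record as `force_foreground_window`, the second as `logon_as_other_user_interactive` plus `token_privilege_adjust` (the latter only because the subcall lines are kept in the sequence) with `write_dac` set, since 0x60000 and 0x60081 both contain WRITE_DAC (0x40000), and the third as `winsta_desktop_dacl_grant`. The `ref` values are code addresses, so the order of the lines is layout order, not a proven execution order; treat a hit as a lead to confirm against the dynamic API trace, and note that the DuplicateTokenEx argument `00000001` (TokenPrimary) is the token type a subsequent CreateProcessAsUser would need.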
                                                                              APIs
                                                                                • Part of subcall function 005210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00521114
                                                                                • Part of subcall function 005210F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 00521120
                                                                                • Part of subcall function 005210F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 0052112F
                                                                                • Part of subcall function 005210F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 00521136
                                                                                • Part of subcall function 005210F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0052114D
                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00520BCC
                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00520C00
                                                                              • GetLengthSid.ADVAPI32(?), ref: 00520C17
                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 00520C51
                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00520C6D
                                                                              • GetLengthSid.ADVAPI32(?), ref: 00520C84
                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00520C8C
                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00520C93
                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00520CB4
                                                                              • CopySid.ADVAPI32(00000000), ref: 00520CBB
                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00520CEA
                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00520D0C
                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00520D1E
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00520D45
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520D4C
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00520D55
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520D5C
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00520D65
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520D6C
                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00520D78
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520D7F
                                                                                • Part of subcall function 00521193: GetProcessHeap.KERNEL32(00000008,00520BB1,?,00000000,?,00520BB1,?), ref: 005211A1
                                                                                • Part of subcall function 00521193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00520BB1,?), ref: 005211A8
                                                                                • Part of subcall function 00521193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00520BB1,?), ref: 005211B7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                              • String ID:
                                                                              • API String ID: 4175595110-0
                                                                              • Opcode ID: 15035deb012f95a47ca2191d7819ba0a62c2e00e7ea4b94de54fbf8df2756839
                                                                              • Instruction ID: 3668060879d9722daff1e42b10c26dc1149b2a3af12f4b97fe77a1af1520c053
                                                                              • Opcode Fuzzy Hash: 15035deb012f95a47ca2191d7819ba0a62c2e00e7ea4b94de54fbf8df2756839
                                                                              • Instruction Fuzzy Hash: 9B71697290231AAFDF109FA4EC48BAEBFB8FF15311F044515E914A62D2D771AA05CF60
                                                                              APIs
                                                                              • OpenClipboard.USER32(0055CC08), ref: 0053EB29
                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 0053EB37
                                                                              • GetClipboardData.USER32(0000000D), ref: 0053EB43
                                                                              • CloseClipboard.USER32 ref: 0053EB4F
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0053EB87
                                                                              • CloseClipboard.USER32 ref: 0053EB91
                                                                              • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0053EBBC
                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 0053EBC9
                                                                              • GetClipboardData.USER32(00000001), ref: 0053EBD1
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0053EBE2
                                                                              • GlobalUnlock.KERNEL32(00000000,?), ref: 0053EC22
                                                                              • IsClipboardFormatAvailable.USER32(0000000F), ref: 0053EC38
                                                                              • GetClipboardData.USER32(0000000F), ref: 0053EC44
                                                                              • GlobalLock.KERNEL32(00000000), ref: 0053EC55
                                                                              • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0053EC77
                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0053EC94
                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0053ECD2
                                                                              • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0053ECF3
                                                                              • CountClipboardFormats.USER32 ref: 0053ED14
                                                                              • CloseClipboard.USER32 ref: 0053ED59
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                              • String ID:
                                                                              • API String ID: 420908878-0
                                                                              • Opcode ID: 3c8a9d8ceaed2c55f491910ab8c1bfc6ac0abb6c4bae5bfd1ae95e1dcebdd0c3
                                                                              • Instruction ID: 1fcd092e08944af57102e3358b7ebf5e8da8005dbbd37d54c300b5d8e09037c8
                                                                              • Opcode Fuzzy Hash: 3c8a9d8ceaed2c55f491910ab8c1bfc6ac0abb6c4bae5bfd1ae95e1dcebdd0c3
                                                                              • Instruction Fuzzy Hash: AD617A38204301AFD301EF64D8AAF6ABBE4BB94705F14495DF456972E1CB31DD09DB62
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 005369BE
                                                                              • FindClose.KERNEL32(00000000), ref: 00536A12
                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00536A4E
                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00536A75
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00536AB2
                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00536ADF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                              • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                              • API String ID: 3830820486-3289030164
                                                                              • Opcode ID: 4c14105d695903035051dc96a0286cb7250e918c89eb5e1c82a33b87b57f55a2
                                                                              • Instruction ID: da8aa07d747be057785152611b933b2bed554ce3e7dc7c5e6f54932eda87bb21
                                                                              • Opcode Fuzzy Hash: 4c14105d695903035051dc96a0286cb7250e918c89eb5e1c82a33b87b57f55a2
                                                                              • Instruction Fuzzy Hash: FED17475508300AFC310EBA5C895EABB7ECBF98708F04491EF585D7191EB78DA48CB66
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00539663
                                                                              • GetFileAttributesW.KERNEL32(?), ref: 005396A1
                                                                              • SetFileAttributesW.KERNEL32(?,?), ref: 005396BB
                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 005396D3
                                                                              • FindClose.KERNEL32(00000000), ref: 005396DE
                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 005396FA
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0053974A
                                                                              • SetCurrentDirectoryW.KERNEL32(00586B7C), ref: 00539768
                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00539772
                                                                              • FindClose.KERNEL32(00000000), ref: 0053977F
                                                                              • FindClose.KERNEL32(00000000), ref: 0053978F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                              • String ID: *.*
                                                                              • API String ID: 1409584000-438819550
                                                                              • Opcode ID: d16127ec1fe8416de2ff1b1c2bd8fc049e92a5e6d01a5ba638e8c91f8cc949cf
                                                                              • Instruction ID: 21067e0427141c756a002dfb9b1de9258cfc8ee8be415fd79a85c9320bac657f
                                                                              • Opcode Fuzzy Hash: d16127ec1fe8416de2ff1b1c2bd8fc049e92a5e6d01a5ba638e8c91f8cc949cf
                                                                              • Instruction Fuzzy Hash: BD31D07654131A6EDB10AFB5DC59AEE3FACFF0A326F104096E915E20A0DB74DD448E14
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 005397BE
                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00539819
                                                                              • FindClose.KERNEL32(00000000), ref: 00539824
                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 00539840
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00539890
                                                                              • SetCurrentDirectoryW.KERNEL32(00586B7C), ref: 005398AE
                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 005398B8
                                                                              • FindClose.KERNEL32(00000000), ref: 005398C5
                                                                              • FindClose.KERNEL32(00000000), ref: 005398D5
                                                                                • Part of subcall function 0052DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0052DB00
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                              • String ID: *.*
                                                                              • API String ID: 2640511053-438819550
                                                                              • Opcode ID: cb322eb3478037f6b202514291bf9fab89c3c691128b0a1037d620ab80089416
                                                                              • Instruction ID: 133abae265474c64edad1a081ba0f77b15b815ee6d60130698ac824d1f1fe6bc
                                                                              • Opcode Fuzzy Hash: cb322eb3478037f6b202514291bf9fab89c3c691128b0a1037d620ab80089416
                                                                              • Instruction Fuzzy Hash: A931C57150031A6EDB10AFB5DC58ADEBFACBF86325F104196E950A20A0DB74DD49CF64
                                                                              APIs
                                                                                • Part of subcall function 0054C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0054B6AE,?,?), ref: 0054C9B5
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054C9F1
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA68
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA9E
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0054BF3E
                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0054BFA9
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0054BFCD
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0054C02C
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0054C0E7
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0054C154
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0054C1E9
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0054C23A
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0054C2E3
                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0054C382
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0054C38F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                              • String ID:
                                                                              • API String ID: 3102970594-0
                                                                              • Opcode ID: 5d73768c7a96379260c464990dd1203ef466da1a9372fee7dacfb3562f55e20a
                                                                              • Instruction ID: f475782953b0d94e3808274ddf5a176c0e41f2e4277a268547c446370d3edab0
                                                                              • Opcode Fuzzy Hash: 5d73768c7a96379260c464990dd1203ef466da1a9372fee7dacfb3562f55e20a
                                                                              • Instruction Fuzzy Hash: A5024A75604200AFD754DF28C895E6ABBE5BF89318F18C89DF84ACB2A2D731EC45CB51
                                                                              APIs
                                                                              • GetLocalTime.KERNEL32(?), ref: 00538257
                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00538267
                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00538273
                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00538310
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00538324
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00538356
                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0053838C
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00538395
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentDirectoryTime$File$Local$System
                                                                              • String ID: *.*
                                                                              • API String ID: 1464919966-438819550
                                                                              • Opcode ID: 1128e2b82df16f1f831387e65460a576702633a869b5293e971311dde1e0d703
                                                                              • Instruction ID: e9e5272e876ba9a15dbecd00b7e77820de0f4f0f408556acd96b28e3c0cc81cd
                                                                              • Opcode Fuzzy Hash: 1128e2b82df16f1f831387e65460a576702633a869b5293e971311dde1e0d703
                                                                              • Instruction Fuzzy Hash: 9A618B76504305AFC714EF61C885EAEB7E8FF89314F04492EF98987251DB35E909CB92
                                                                              APIs
                                                                                • Part of subcall function 004C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004C3A97,?,?,004C2E7F,?,?,?,00000000), ref: 004C3AC2
                                                                                • Part of subcall function 0052E199: GetFileAttributesW.KERNEL32(?,0052CF95), ref: 0052E19A
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0052D122
                                                                              • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0052D1DD
                                                                              • MoveFileW.KERNEL32(?,?), ref: 0052D1F0
                                                                              • DeleteFileW.KERNEL32(?,?,?,?), ref: 0052D20D
                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0052D237
                                                                                • Part of subcall function 0052D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0052D21C,?,?), ref: 0052D2B2
                                                                              • FindClose.KERNEL32(00000000,?,?,?), ref: 0052D253
                                                                              • FindClose.KERNEL32(00000000), ref: 0052D264
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                              • String ID: \*.*
                                                                              • API String ID: 1946585618-1173974218
                                                                              APIs
                                                                              Similarity
                                                                              • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                              • String ID:
                                                                              • API String ID: 1737998785-0
                                                                              APIs
                                                                                • Part of subcall function 005216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0052170D
                                                                                • Part of subcall function 005216C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0052173A
                                                                                • Part of subcall function 005216C3: GetLastError.KERNEL32 ref: 0052174A
                                                                              • ExitWindowsEx.USER32(?,00000000), ref: 0052E932
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                              • String ID: $ $@$SeShutdownPrivilege
                                                                              • API String ID: 2234035333-3163812486
                                                                              APIs
                                                                              • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00541276
                                                                              • WSAGetLastError.WSOCK32 ref: 00541283
                                                                              • bind.WSOCK32(00000000,?,00000010), ref: 005412BA
                                                                              • WSAGetLastError.WSOCK32 ref: 005412C5
                                                                              • closesocket.WSOCK32(00000000), ref: 005412F4
                                                                              • listen.WSOCK32(00000000,00000005), ref: 00541303
                                                                              • WSAGetLastError.WSOCK32 ref: 0054130D
                                                                              • closesocket.WSOCK32(00000000), ref: 0054133C
                                                                              Similarity
                                                                              • API ID: ErrorLast$closesocket$bindlistensocket
                                                                              • String ID:
                                                                              • API String ID: 540024437-0
                                                                              APIs
                                                                              • _free.LIBCMT ref: 004FB9D4
                                                                              • _free.LIBCMT ref: 004FB9F8
                                                                              • _free.LIBCMT ref: 004FBB7F
                                                                              • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00563700), ref: 004FBB91
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0059121C,000000FF,00000000,0000003F,00000000,?,?), ref: 004FBC09
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00591270,000000FF,?,0000003F,00000000,?), ref: 004FBC36
                                                                              • _free.LIBCMT ref: 004FBD4B
                                                                              Similarity
                                                                              • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                              • String ID:
                                                                              • API String ID: 314583886-0
                                                                              APIs
                                                                                • Part of subcall function 004C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004C3A97,?,?,004C2E7F,?,?,?,00000000), ref: 004C3AC2
                                                                                • Part of subcall function 0052E199: GetFileAttributesW.KERNEL32(?,0052CF95), ref: 0052E19A
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0052D420
                                                                              • DeleteFileW.KERNEL32(?,?,?,?), ref: 0052D470
                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0052D481
                                                                              • FindClose.KERNEL32(00000000), ref: 0052D498
                                                                              • FindClose.KERNEL32(00000000), ref: 0052D4A1
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                              • String ID: \*.*
                                                                              • API String ID: 2649000838-1173974218
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: __floor_pentium4
                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                              • API String ID: 4168288129-2761157908
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 005364DC
                                                                              • CoInitialize.OLE32(00000000), ref: 00536639
                                                                              • CoCreateInstance.OLE32(0055FCF8,00000000,00000001,0055FB68,?), ref: 00536650
                                                                              • CoUninitialize.OLE32 ref: 005368D4
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                              • String ID: .lnk
                                                                              • API String ID: 886957087-24824748
                                                                              APIs
                                                                              • GetForegroundWindow.USER32(?,?,00000000), ref: 005422E8
                                                                                • Part of subcall function 0053E4EC: GetWindowRect.USER32(?,?), ref: 0053E504
                                                                              • GetDesktopWindow.USER32 ref: 00542312
                                                                              • GetWindowRect.USER32(00000000), ref: 00542319
                                                                              • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00542355
                                                                              • GetCursorPos.USER32(?), ref: 00542381
                                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 005423DF
                                                                              Similarity
                                                                              • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                              • String ID:
                                                                              • API String ID: 2387181109-0
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00539B78
                                                                              • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00539C8B
                                                                                • Part of subcall function 00533874: GetInputState.USER32 ref: 005338CB
                                                                                • Part of subcall function 00533874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00533966
                                                                              • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00539BA8
                                                                              • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00539C75
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                              • String ID: *.*
                                                                              • API String ID: 1972594611-438819550
                                                                              • Opcode ID: 072ff5303ead462c27ded5c3e5dac8cda791f0c95c8afc6aa6dc6ff116e85a41
                                                                              • Instruction ID: 4c1f22dc8a1f7d41ad12194f7d057339c195b5fc280056f112e4b292a281fcd3
                                                                              • Opcode Fuzzy Hash: 072ff5303ead462c27ded5c3e5dac8cda791f0c95c8afc6aa6dc6ff116e85a41
                                                                              • Instruction Fuzzy Hash: 4741A1B190420EAFCF54DF64C899AEEBFB4FF05315F14415AE805A2191EB709E84CF64
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              • DefDlgProcW.USER32(?,?,?,?,?), ref: 004D9A4E
                                                                              • GetSysColor.USER32(0000000F), ref: 004D9B23
                                                                              • SetBkColor.GDI32(?,00000000), ref: 004D9B36
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Color$LongProcWindow
                                                                              • String ID:
                                                                              • API String ID: 3131106179-0
                                                                              • Opcode ID: c4cef436781c9d50ba303db5932a2b2dea00deb3a411be2265e9b14c06082305
                                                                              • Instruction ID: 1f2d8e09127116e56239f667b2c7ceb0c9c4caf33b6ff396cecdd5ff03178a30
                                                                              • Opcode Fuzzy Hash: c4cef436781c9d50ba303db5932a2b2dea00deb3a411be2265e9b14c06082305
                                                                              • Instruction Fuzzy Hash: E0A10A71108559BEF724AA2D8C7CDBB2EADFB86340F15020BF402C67D1DA2D9D46D27A
                                                                              APIs
                                                                                • Part of subcall function 0054304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0054307A
                                                                                • Part of subcall function 0054304E: _wcslen.LIBCMT ref: 0054309B
                                                                              • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0054185D
                                                                              • WSAGetLastError.WSOCK32 ref: 00541884
                                                                              • bind.WSOCK32(00000000,?,00000010), ref: 005418DB
                                                                              • WSAGetLastError.WSOCK32 ref: 005418E6
                                                                              • closesocket.WSOCK32(00000000), ref: 00541915
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                              • String ID:
                                                                              • API String ID: 1601658205-0
                                                                              • Opcode ID: 98cd2bd48f06aa3fa29871a2aa40fc6b579db7060bc3b6f33a933e5b0f5c9bc5
                                                                              • Instruction ID: 84f86edaafd49a1227fcbe98e006496d56c1b78a7873838f3308955fff591e1a
                                                                              • Opcode Fuzzy Hash: 98cd2bd48f06aa3fa29871a2aa40fc6b579db7060bc3b6f33a933e5b0f5c9bc5
                                                                              • Instruction Fuzzy Hash: AC51C375A00200AFDB10AF25C896F6A7BE5EB4471CF08849DF90A5F3D3C775AD418BA5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                              • String ID:
                                                                              • API String ID: 292994002-0
                                                                              • Opcode ID: a26049902f48d524abd150c45ef90e3b3924f3226c4b81cd7784934cd7c7bb0b
                                                                              • Instruction ID: fba04dfedfc564f1eea5c36dadb2d6e191487b126a841a5f7e94d7d73b1785e5
                                                                              • Opcode Fuzzy Hash: a26049902f48d524abd150c45ef90e3b3924f3226c4b81cd7784934cd7c7bb0b
                                                                              • Instruction Fuzzy Hash: 9121A2317406015FD7208F1AC8A4F267FA5BF95316F18806EEC468B351CB72EC4ACB98
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                              • API String ID: 0-1546025612
                                                                              • Opcode ID: 4e99fe97dfb84176a90cd8485e7f6364db91776a92dc17aad768880371f81cca
                                                                              • Instruction ID: 64ba89ba6ea104c0a905ebc0ba0bad2b3eaeece8997f64fb11b16b57444edba8
                                                                              • Opcode Fuzzy Hash: 4e99fe97dfb84176a90cd8485e7f6364db91776a92dc17aad768880371f81cca
                                                                              • Instruction Fuzzy Hash: CCA29E78E0021ACBDF64CF58C844BAEBBB1BB54310F2485AED815A7381EB749D91CF95
                                                                              APIs
                                                                              • lstrlenW.KERNEL32(?,?,?,00000000), ref: 005282AA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: lstrlen
                                                                              • String ID: ($tbX$|
                                                                              • API String ID: 1659193697-2861184411
                                                                              • Opcode ID: aa34774635f680391aaf77ab2d3a770c4f36f5f138c3402fa4861f7173c6aad3
                                                                              • Instruction ID: d9ac2e5e8cf5f5ffc8f1b1b63facc356c9420b5d19754d63223b95bdefa155c0
                                                                              • Opcode Fuzzy Hash: aa34774635f680391aaf77ab2d3a770c4f36f5f138c3402fa4861f7173c6aad3
                                                                              • Instruction Fuzzy Hash: CA323574A016159FCB28CF59D480A6ABBF0FF48710B15C86EE49ADB7A1EB70E941CB44
                                                                              APIs
                                                                              • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0052AAAC
                                                                              • SetKeyboardState.USER32(00000080), ref: 0052AAC8
                                                                              • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0052AB36
                                                                              • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0052AB88
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: KeyboardState$InputMessagePostSend
                                                                              • String ID:
                                                                              • API String ID: 432972143-0
                                                                              • Opcode ID: e1a5c09d2a571fc714156b1bbc48a9d570fa682d3273f864ea76749b705e0872
                                                                              • Instruction ID: 3fc02c182fa2495b4523ec3560d3c61e39eb98fc0af0d3598fa6f7dfa3a090bd
                                                                              • Opcode Fuzzy Hash: e1a5c09d2a571fc714156b1bbc48a9d570fa682d3273f864ea76749b705e0872
                                                                              • Instruction Fuzzy Hash: FE311830A40368AFFF358A64AC09BFA7FA6BF96310F04421AF181561D0D7758985D762
                                                                              APIs
                                                                              • InternetReadFile.WININET(?,?,00000400,?), ref: 0053CE89
                                                                              • GetLastError.KERNEL32(?,00000000), ref: 0053CEEA
                                                                              • SetEvent.KERNEL32(?,?,00000000), ref: 0053CEFE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorEventFileInternetLastRead
                                                                              • String ID:
                                                                              • API String ID: 234945975-0
                                                                              • Opcode ID: 98eefc0b98adb1df9b223e24206b1e0dd98c8fdea772d0b59f9a782e3de6c30f
                                                                              • Instruction ID: 1ffa443a9ed2204a8b5ed6b9879a2181b30a97a9f4dd1c3800db3bc83f4c7989
                                                                              • Opcode Fuzzy Hash: 98eefc0b98adb1df9b223e24206b1e0dd98c8fdea772d0b59f9a782e3de6c30f
                                                                              • Instruction Fuzzy Hash: 8F21BD71500305AFD721DFA6C948BAA7FFCFB10319F10481EE546E2151E774EE08AB54
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00535CC1
                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00535D17
                                                                              • FindClose.KERNEL32(?), ref: 00535D5F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Find$File$CloseFirstNext
                                                                              • String ID:
                                                                              • API String ID: 3541575487-0
                                                                              • Opcode ID: 213a512172df91d6a5b7d7208f0484eafd525945463896782e797bd968271432
                                                                              • Instruction ID: f573e675f2b98a084e7456e663b6f5c15550891d1162f49c6a2d8d744052a9c6
                                                                              • Opcode Fuzzy Hash: 213a512172df91d6a5b7d7208f0484eafd525945463896782e797bd968271432
                                                                              • Instruction Fuzzy Hash: C0517774604B019FC714CF28C494E9ABBE4FF49318F14895EE99A8B3A2DB30ED05CB91
                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32 ref: 004F271A
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004F2724
                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 004F2731
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                              • String ID:
                                                                              • API String ID: 3906539128-0
                                                                              • Opcode ID: 69343221d4cf9c96764dce519bed71a827c833ecd2d8dfecc8720136cd74a12a
                                                                              • Instruction ID: ae6462342cb95d21993a3f638eccd1fcfa5c1248bab2693aa4a3f2e830df5947
                                                                              • Opcode Fuzzy Hash: 69343221d4cf9c96764dce519bed71a827c833ecd2d8dfecc8720136cd74a12a
                                                                              • Instruction Fuzzy Hash: 4931D37490131CABCB21DF69DD8879DBBB8AF18311F5041EAE81CA7260E7749F858F49
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 005351DA
                                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00535238
                                                                              • SetErrorMode.KERNEL32(00000000), ref: 005352A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorMode$DiskFreeSpace
                                                                              • String ID:
                                                                              • API String ID: 1682464887-0
                                                                              • Opcode ID: 05107b1ad67242fb74a4f4a0e633df5c08adfc0ca392f8456165e91e59bb0096
                                                                              • Instruction ID: a84074554ec3d77b522773f8c10fdd2a232781da58afcc352969c69380908265
                                                                              • Opcode Fuzzy Hash: 05107b1ad67242fb74a4f4a0e633df5c08adfc0ca392f8456165e91e59bb0096
                                                                              • Instruction Fuzzy Hash: 24312175500618DFDB00DF55D894FADBBB4FF49318F448099E8059B392DB35E855CB90
                                                                              APIs
                                                                                • Part of subcall function 004DFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 004E0668
                                                                                • Part of subcall function 004DFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 004E0685
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0052170D
                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0052173A
                                                                              • GetLastError.KERNEL32 ref: 0052174A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                              • String ID:
                                                                              • API String ID: 577356006-0
                                                                              • Opcode ID: 5c13a82321901b1fbe572b6ec65979aa9688c1be8ece13e9368b2e533b6cac63
                                                                              • Instruction ID: b3940a2c02a61fa71d0b8b4e552b07591a0e07720fcb324ae3fb460a15447061
                                                                              • Opcode Fuzzy Hash: 5c13a82321901b1fbe572b6ec65979aa9688c1be8ece13e9368b2e533b6cac63
                                                                              • Instruction Fuzzy Hash: 5F11C1B2400304AFD7289F54EC86D6FBBB9FF44724B24852EE05657281EB70BC458A24
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0052D608
                                                                              • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0052D645
                                                                              • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0052D650
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                                              • String ID:
                                                                              • API String ID: 33631002-0
                                                                              • Opcode ID: a3358a8ee7e6d321f2ea4d3bce8437c94a55ce50f5dcc2e62159331abf76c55b
                                                                              • Instruction ID: 74e37282c06e148e0ee802e7cb1d48329eec3f69a6ba31bd2736b32fa0e66cab
                                                                              • Opcode Fuzzy Hash: a3358a8ee7e6d321f2ea4d3bce8437c94a55ce50f5dcc2e62159331abf76c55b
                                                                              • Instruction Fuzzy Hash: F9117C75E01328BFDB108F94AC44FAFBFBCEB45B50F108111F914E7290C2705A058BA1
                                                                              APIs
                                                                              • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0052168C
                                                                              • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 005216A1
                                                                              • FreeSid.ADVAPI32(?), ref: 005216B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                              • String ID:
                                                                              • API String ID: 3429775523-0
                                                                              • Opcode ID: 2cd128d6e2126ec2bb900ed5288ff317ea934f7a284c5c1faec159d2a4693e54
                                                                              • Instruction ID: 4c245142ba27b532e0b9dde6fd43beb1ec175b3c4b99eaf829aa64a608c03130
                                                                              • Opcode Fuzzy Hash: 2cd128d6e2126ec2bb900ed5288ff317ea934f7a284c5c1faec159d2a4693e54
                                                                              • Instruction Fuzzy Hash: D9F04471940308FFDB00CFE09C89AAEBBBCFB08301F004460E500E2190E330AA489A50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: /
                                                                              • API String ID: 0-2043925204
                                                                              • Opcode ID: 37e45fb4740bc62e2f53c8e5acb0dc227b2850371639dde20dd1849129d0c65b
                                                                              • Instruction ID: 02fc217346cb5ef83575897708f231aa5f77532d59046d00dd315ae501366e79
                                                                              • Opcode Fuzzy Hash: 37e45fb4740bc62e2f53c8e5acb0dc227b2850371639dde20dd1849129d0c65b
                                                                              • Instruction Fuzzy Hash: 7F415B7290021DAFCB209FB9CD88DBB77B9EB84354F1042AEFA05D7280E6749D41CB58
                                                                              APIs
                                                                              • GetUserNameW.ADVAPI32(?,?), ref: 0051D28C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: NameUser
                                                                              • String ID: X64
                                                                              • API String ID: 2645101109-893830106
                                                                              • Opcode ID: 102588ebfba495c14a31336e648191166babb27a051905634a64686c36ed8ddc
                                                                              • Instruction ID: e5d4149a96193cbffd42782c865e83b242c9143a3483f14e931cc55029f7a7a4
                                                                              • Opcode Fuzzy Hash: 102588ebfba495c14a31336e648191166babb27a051905634a64686c36ed8ddc
                                                                              • Instruction Fuzzy Hash: F7D0C9B480121DEECF90CB90DC8CDDDB7BCBB14305F100552F106A2140D77895499F20
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                              • Instruction ID: 97b8041c90ea9d64b60f8da25372edf2a7007d280d0936b6ed3bd854995f53d0
                                                                              • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                              • Instruction Fuzzy Hash: D3022D72E002599FDF14CFA9C9806AEBBF1FF88315F25416AD919E7380D735A9428B84
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Variable is not of type 'Object'.$p#Y
                                                                              • API String ID: 0-1130651261
                                                                              • Opcode ID: 22a374bbba5275d4437b84b674094f0f61a9948af3116d13d54cb6041cddc9a0
                                                                              • Instruction ID: d3b9f31e80e10ad7b731ede3d0c8fc63584802922efc464728edfa9fb8f86a55
                                                                              • Opcode Fuzzy Hash: 22a374bbba5275d4437b84b674094f0f61a9948af3116d13d54cb6041cddc9a0
                                                                              • Instruction Fuzzy Hash: 9B328E38900218DBDF54DF91C881FEDBBB5BF05308F14406EE80AAB291D779AD86CB65
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00536918
                                                                              • FindClose.KERNEL32(00000000), ref: 00536961
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Find$CloseFileFirst
                                                                              • String ID:
                                                                              • API String ID: 2295610775-0
                                                                              • Opcode ID: aa1aabdfa2ab20f7c0c82631a271fe1a056495e89c5a12ff1e38d8e5a62278ca
                                                                              • Instruction ID: da66f00b356aee9e30c1c4b5a10051196729b00a29c148df98dc31703cd6fa8a
                                                                              • Opcode Fuzzy Hash: aa1aabdfa2ab20f7c0c82631a271fe1a056495e89c5a12ff1e38d8e5a62278ca
                                                                              • Instruction Fuzzy Hash: 5E118E36604200AFC710DF2AD484B16BBE5FF85329F14C6ADE4698F6A2C734EC05CB91
                                                                              APIs
                                                                              • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00544891,?,?,00000035,?), ref: 005337E4
                                                                              • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00544891,?,?,00000035,?), ref: 005337F4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFormatLastMessage
                                                                              • String ID:
                                                                              • API String ID: 3479602957-0
                                                                              • Opcode ID: 74e96b663980e786d8ec030ce1ea5562c2e4d1dffd6e9b29d84360235d9b0eff
                                                                              • Instruction ID: 6ccf276c52f4ee5bca24d8d28084d4700ba7166ad37e98e1a7f1d2bbe5078434
                                                                              • Opcode Fuzzy Hash: 74e96b663980e786d8ec030ce1ea5562c2e4d1dffd6e9b29d84360235d9b0eff
                                                                              • Instruction Fuzzy Hash: BDF0E5B46043292AE72057668C4DFEB3FAEEFC4761F000165F509D3291DA609E08C7B0
                                                                              APIs
                                                                              • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0052B25D
                                                                              • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 0052B270
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InputSendkeybd_event
                                                                              • String ID:
                                                                              • API String ID: 3536248340-0
                                                                              • Opcode ID: 0a3468e86f70a6aebfab2a9c70549abc64bec941d87610b2ca41b52c44b8b9b3
                                                                              • Instruction ID: 8752ef0209687f1e59555adba4c796304cdc45f4f8e8b78bc28e0bd719a47dbc
                                                                              • Opcode Fuzzy Hash: 0a3468e86f70a6aebfab2a9c70549abc64bec941d87610b2ca41b52c44b8b9b3
                                                                              • Instruction Fuzzy Hash: 82F01D7580434DAFEB059FA0D805BAE7FB4FF09305F008409F955A5192D3798615DF94
                                                                              APIs
                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,005211FC), ref: 005210D4
                                                                              • CloseHandle.KERNEL32(?,?,005211FC), ref: 005210E9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AdjustCloseHandlePrivilegesToken
                                                                              • String ID:
                                                                              • API String ID: 81990902-0
                                                                              • Opcode ID: 21e31cdaae530b8b821ab416d790dbb62c0aeebf34c97f9b71e671b3ef3b32c8
                                                                              • Instruction ID: c423975dd5cc16895d3ea4d4f275caa3f5ec4276f3e8aea2bcb61834b9cba1a5
                                                                              • Opcode Fuzzy Hash: 21e31cdaae530b8b821ab416d790dbb62c0aeebf34c97f9b71e671b3ef3b32c8
                                                                              • Instruction Fuzzy Hash: 8BE04F32004710AFE7252B52FC09E777BE9EF04311B10882EF4A6804B1DB626C94EB54
                                                                              APIs
                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004F6766,?,?,00000008,?,?,004FFEFE,00000000), ref: 004F6998
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionRaise
                                                                              • String ID:
                                                                              • API String ID: 3997070919-0
                                                                              • Opcode ID: 3f63ff6eb1b6358214d6ae1a16edc630b6cd9a969009941632bd0fb60dd3f2b1
                                                                              • Instruction ID: 1821daaafde5d95b90afbcebbc7898ae0bfaa0e1939d9c5a69b9c649605ca82a
                                                                              • Opcode Fuzzy Hash: 3f63ff6eb1b6358214d6ae1a16edc630b6cd9a969009941632bd0fb60dd3f2b1
                                                                              • Instruction Fuzzy Hash: F2B15B716106089FD715CF28C48AB667BE0FF05364F26865DE999CF3A2C339E982CB44
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              • Opcode ID: 7067eab1fe6d0404854cb0037505e0a07aa98937ef545368f801e89a0186dfd6
                                                                              • Instruction ID: d039906e711c44909993f84f70388e99cd4fca0e253be219e91a51d6b7549cb9
                                                                              • Opcode Fuzzy Hash: 7067eab1fe6d0404854cb0037505e0a07aa98937ef545368f801e89a0186dfd6
                                                                              • Instruction Fuzzy Hash: 7E125C75900229DBDB24CF58C890AEEBBB5FF48310F15819BE849EB351DB349E81DB94
                                                                              APIs
                                                                              • BlockInput.USER32(00000001), ref: 0053EABD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: BlockInput
                                                                              • String ID:
                                                                              • API String ID: 3456056419-0
                                                                              • Opcode ID: 55b4cf1ccbd28c81588960c0f9b17ad7c8d2d1274ea12ea215b72de3dbe0a7ac
                                                                              • Instruction ID: a171583628cee21bf63dc2257848ab661211281cb952f7b6a7fe663097058cd0
                                                                              • Opcode Fuzzy Hash: 55b4cf1ccbd28c81588960c0f9b17ad7c8d2d1274ea12ea215b72de3dbe0a7ac
                                                                              • Instruction Fuzzy Hash: CFE01A35200205AFC710EF5AD849E9ABBE9BFA8764F00842AFC49C7391DA74A8418B90
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,004E03EE), ref: 004E09DA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              • Opcode ID: 20edfc45f0371fb32660ed656c904051edd763acbf2c0c04064dfe949bbcdf65
                                                                              • Instruction ID: cd2d648f6445d4ddf683b917924291e433eb61e8181d70a2f447ccee9404de84
                                                                              • Opcode Fuzzy Hash: 20edfc45f0371fb32660ed656c904051edd763acbf2c0c04064dfe949bbcdf65
                                                                              • Instruction Fuzzy Hash:
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0
                                                                              • API String ID: 0-4108050209
                                                                              • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                              • Instruction ID: 5499a266ae92811b6334ad30e64f92a6185fb2cc9794c127bb8a51d3b33a18d8
                                                                              • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                              • Instruction Fuzzy Hash: 87517AB160C6C556EF38666B48597BF2785AF22366F18091FD886C7383C60DDE02D35E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0&Y
                                                                              • API String ID: 0-172185334
                                                                              • Opcode ID: e68153a08c72ad09e1e74f28b5309fde83cc98706d5ce36fe10438f676ca7091
                                                                              • Instruction ID: 155d90be688c79a334343784ad09d7eeee75e9143c368e997d556bdceaaf2e8b
                                                                              • Opcode Fuzzy Hash: e68153a08c72ad09e1e74f28b5309fde83cc98706d5ce36fe10438f676ca7091
                                                                              • Instruction Fuzzy Hash: 2821A8326215118BD72CCE79C81767E77E5B764310F15862EE4A7C77D0DE35A908D780
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 49b50b792d954534f7bc8044c99d5970b72710d85eb1e2bb41d764ad71b925ce
                                                                              • Instruction ID: c70d6b6a4652be171c8cfcd8ff4206ebc4cfdeeb072218a08231382057f8c352
                                                                              • Opcode Fuzzy Hash: 49b50b792d954534f7bc8044c99d5970b72710d85eb1e2bb41d764ad71b925ce
                                                                              • Instruction Fuzzy Hash: 73323222D29F054DD7239638C822336A249AFB73C5F15D737E81AB6AA9EB6DC4835101
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7b995b8551ddad08cb4cb69c8004601a2ec0e5323d078a118d3858e55cf605f5
                                                                              • Instruction ID: 7bbbf69a2e5c8ce1be9138b6a33ef533a6d4788ca6dc24e739ac2133e3964176
                                                                              • Opcode Fuzzy Hash: 7b995b8551ddad08cb4cb69c8004601a2ec0e5323d078a118d3858e55cf605f5
                                                                              • Instruction Fuzzy Hash: BD322231A841468BEF28CA28C4E06FD7FA1FF45700F28856BD95A9B791D236DDC1DB41
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a498140282ff7b756d108196a96e8fb62fab5a0955f870b1ddd1a77894e12461
                                                                              • Instruction ID: 109e422861a7ebd8cfb5fc6ee288b153d388972590effffe62f113e405f0f9f3
                                                                              • Opcode Fuzzy Hash: a498140282ff7b756d108196a96e8fb62fab5a0955f870b1ddd1a77894e12461
                                                                              • Instruction Fuzzy Hash: 6822BEB4A0060A9FDF14CFA5C881BAEB7B5FF44304F14452EE816A7291EB3AAD15CF54
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7887dd2dda6e4ea567fbd4b478b69630267142b7a89bd1c591d3a7a9afe54792
                                                                              • Instruction ID: 0a9e8ffef574efd4c888f43d62e333aa89a6a75c4600a71b7162726a997ed968
                                                                              • Opcode Fuzzy Hash: 7887dd2dda6e4ea567fbd4b478b69630267142b7a89bd1c591d3a7a9afe54792
                                                                              • Instruction Fuzzy Hash: 3C02E7B1A00205EBDB04DF55D846BAEBBB1FF44304F20856EE8069B3D1EB359E15CB95
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f0017ee9cf0135b095b32645df85f0c09a872cbcabe5ba8b6cb3dbf2f4732679
                                                                              • Instruction ID: 0ab1a64b983f8ba0321edc74d38766f60ebc2eca2d903581427b146e55dfe7eb
                                                                              • Opcode Fuzzy Hash: f0017ee9cf0135b095b32645df85f0c09a872cbcabe5ba8b6cb3dbf2f4732679
                                                                              • Instruction Fuzzy Hash: 60B10420E2AF404DD32396398831336B75CAFBB6D5F91D71BFC1A75E62EB2185879140
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                              • Instruction ID: 183afe6797239fc8e048e97a72505158f3c375fca73e51f93bfa68176536bddc
                                                                              • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                              • Instruction Fuzzy Hash: 479155726480E349DB29463F857443FFEE15B523A331A079FE4F2CA2E1EE389954D624
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                              • Instruction ID: 4cffc87fb7508be4e28bbfb70ac93497303f1ca68be1eae879c05a3ab171d88b
                                                                              • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                              • Instruction Fuzzy Hash: A49141722490E34EDB29427B857403EFEE15B923A331A07AFD4F2CA2E1FD389555D624
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 38973886dda92afe0f06c984d159e547cfba3b5c23a07d0839304a139f6ac320
                                                                              • Instruction ID: 457c9a1bf4cabde4bd8b022472edf5fc97bb2a6e4db5a98556d16e71c1b4259f
                                                                              • Opcode Fuzzy Hash: 38973886dda92afe0f06c984d159e547cfba3b5c23a07d0839304a139f6ac320
                                                                              • Instruction Fuzzy Hash: 07614B716087C59ADE34992B48557BF3394DF4177BF20092FE982DB382D51DAE42831E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b2180561514fac8d21c9656b0ff06f7ee3cd98a4be92c753a5539eb472910142
                                                                              • Instruction ID: 4fc46a3a4e1e45f33f0cee6bae4df7fd4eacef4c4dca7ef167ee717001866471
                                                                              • Opcode Fuzzy Hash: b2180561514fac8d21c9656b0ff06f7ee3cd98a4be92c753a5539eb472910142
                                                                              • Instruction Fuzzy Hash: 7D6179712087C966DE384A2F5C91FBF23899F41777F10095FE942CB381DA1E9D42821E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                              • Instruction ID: 9589cdd98b32c30e1a7e9e0dbac763f9748f97e4851554a02046b3d24da383d9
                                                                              • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                              • Instruction Fuzzy Hash: C08151726480E349DB29423B857443FFFE16B923A331A079FD4F2CA2E1EE388554D624
                                                                              APIs
                                                                              • DeleteObject.GDI32(00000000), ref: 00542B30
                                                                              • DeleteObject.GDI32(00000000), ref: 00542B43
                                                                              • DestroyWindow.USER32 ref: 00542B52
                                                                              • GetDesktopWindow.USER32 ref: 00542B6D
                                                                              • GetWindowRect.USER32(00000000), ref: 00542B74
                                                                              • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00542CA3
                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00542CB1
                                                                              • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542CF8
                                                                              • GetClientRect.USER32(00000000,?), ref: 00542D04
                                                                              • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00542D40
                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542D62
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542D75
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542D80
                                                                              • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542D89
                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542D98
                                                                              • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542DA1
                                                                              • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542DA8
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00542DB3
                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542DC5
                                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,0055FC38,00000000), ref: 00542DDB
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00542DEB
                                                                              • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00542E11
                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00542E30
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00542E52
                                                                              • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0054303F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                                              • API String ID: 2211948467-2373415609
                                                                              • Opcode ID: bfe11cf8af592a6442470124a81ee56662b7c3577d594fd87ff2ca8109922bee
                                                                              • Instruction ID: 77be21a3ff5c4cce1f1bf437c6121b3bd7fffb55ef0f1ac090cdbe90e44f0ab5
                                                                              • Opcode Fuzzy Hash: bfe11cf8af592a6442470124a81ee56662b7c3577d594fd87ff2ca8109922bee
                                                                              • Instruction Fuzzy Hash: EA029975900219AFDB14CFA4CC89EAE7FB9FB58319F008549F815AB2A1CB34AD04DF60
                                                                              APIs
                                                                              • SetTextColor.GDI32(?,00000000), ref: 0055712F
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00557160
                                                                              • GetSysColor.USER32(0000000F), ref: 0055716C
                                                                              • SetBkColor.GDI32(?,000000FF), ref: 00557186
                                                                              • SelectObject.GDI32(?,?), ref: 00557195
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 005571C0
                                                                              • GetSysColor.USER32(00000010), ref: 005571C8
                                                                              • CreateSolidBrush.GDI32(00000000), ref: 005571CF
                                                                              • FrameRect.USER32(?,?,00000000), ref: 005571DE
                                                                              • DeleteObject.GDI32(00000000), ref: 005571E5
                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 00557230
                                                                              • FillRect.USER32(?,?,?), ref: 00557262
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00557284
                                                                                • Part of subcall function 005573E8: GetSysColor.USER32(00000012), ref: 00557421
                                                                                • Part of subcall function 005573E8: SetTextColor.GDI32(?,?), ref: 00557425
                                                                                • Part of subcall function 005573E8: GetSysColorBrush.USER32(0000000F), ref: 0055743B
                                                                                • Part of subcall function 005573E8: GetSysColor.USER32(0000000F), ref: 00557446
                                                                                • Part of subcall function 005573E8: GetSysColor.USER32(00000011), ref: 00557463
                                                                                • Part of subcall function 005573E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00557471
                                                                                • Part of subcall function 005573E8: SelectObject.GDI32(?,00000000), ref: 00557482
                                                                                • Part of subcall function 005573E8: SetBkColor.GDI32(?,00000000), ref: 0055748B
                                                                                • Part of subcall function 005573E8: SelectObject.GDI32(?,?), ref: 00557498
                                                                                • Part of subcall function 005573E8: InflateRect.USER32(?,000000FF,000000FF), ref: 005574B7
                                                                                • Part of subcall function 005573E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005574CE
                                                                                • Part of subcall function 005573E8: GetWindowLongW.USER32(00000000,000000F0), ref: 005574DB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                              • String ID:
                                                                              • API String ID: 4124339563-0
                                                                              • Opcode ID: f90f45f11a865b4dcab73b825a4ae0c863ed11b868b2ea41c1266189bbff20d5
                                                                              • Instruction ID: 3175131f4307e2ab6f7465e43bfc9bf5cbf4b93afe2445cde08b30b4331d6db6
                                                                              • Opcode Fuzzy Hash: f90f45f11a865b4dcab73b825a4ae0c863ed11b868b2ea41c1266189bbff20d5
                                                                              • Instruction Fuzzy Hash: AAA1A072008705AFDB009FA4DC58A5BBFA9FB59322F100A1AF9A2961E1D770E948DB51
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,?), ref: 004D8E14
                                                                              • SendMessageW.USER32(?,00001308,?,00000000), ref: 00516AC5
                                                                              • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00516AFE
                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00516F43
                                                                                • Part of subcall function 004D8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,004D8BE8,?,00000000,?,?,?,?,004D8BBA,00000000,?), ref: 004D8FC5
                                                                              • SendMessageW.USER32(?,00001053), ref: 00516F7F
                                                                              • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00516F96
                                                                              • ImageList_Destroy.COMCTL32(00000000,?), ref: 00516FAC
                                                                              • ImageList_Destroy.COMCTL32(00000000,?), ref: 00516FB7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                              • String ID: 0
                                                                              • API String ID: 2760611726-4108050209
                                                                              • Opcode ID: 3922c4e98008dbf38342784919af6c80ce0fb3a74e617301838db49bfac0b11d
                                                                              • Instruction ID: d9f2b12ee94fd7239fa9fbc078f30935fab8f9d80162a03df28cd8663a9533bd
                                                                              • Opcode Fuzzy Hash: 3922c4e98008dbf38342784919af6c80ce0fb3a74e617301838db49bfac0b11d
                                                                              • Instruction Fuzzy Hash: C912AB302046129FEB25CF24C8A8BBABBE5FB54304F14456EE485CB261CB35EC96DF95
                                                                              APIs
                                                                              • DestroyWindow.USER32(00000000), ref: 0054273E
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0054286A
                                                                              • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 005428A9
                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 005428B9
                                                                              • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00542900
                                                                              • GetClientRect.USER32(00000000,?), ref: 0054290C
                                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00542955
                                                                              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00542964
                                                                              • GetStockObject.GDI32(00000011), ref: 00542974
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00542978
                                                                              • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00542988
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00542991
                                                                              • DeleteDC.GDI32(00000000), ref: 0054299A
                                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 005429C6
                                                                              • SendMessageW.USER32(00000030,00000000,00000001), ref: 005429DD
                                                                              • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00542A1D
                                                                              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00542A31
                                                                              • SendMessageW.USER32(00000404,00000001,00000000), ref: 00542A42
                                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00542A77
                                                                              • GetStockObject.GDI32(00000011), ref: 00542A82
                                                                              • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00542A8D
                                                                              • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00542A97
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                              • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                              • API String ID: 2910397461-517079104
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 00534AED
                                                                              • GetDriveTypeW.KERNEL32(?,0055CB68,?,\\.\,0055CC08), ref: 00534BCA
                                                                              • SetErrorMode.KERNEL32(00000000,0055CB68,?,\\.\,0055CC08), ref: 00534D36
                                                                              Similarity
                                                                              • API ID: ErrorMode$DriveType
                                                                              • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                              • API String ID: 2907320926-4222207086
                                                                              APIs
                                                                              • GetSysColor.USER32(00000012), ref: 00557421
                                                                              • SetTextColor.GDI32(?,?), ref: 00557425
                                                                              • GetSysColorBrush.USER32(0000000F), ref: 0055743B
                                                                              • GetSysColor.USER32(0000000F), ref: 00557446
                                                                              • CreateSolidBrush.GDI32(?), ref: 0055744B
                                                                              • GetSysColor.USER32(00000011), ref: 00557463
                                                                              • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00557471
                                                                              • SelectObject.GDI32(?,00000000), ref: 00557482
                                                                              • SetBkColor.GDI32(?,00000000), ref: 0055748B
                                                                              • SelectObject.GDI32(?,?), ref: 00557498
                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 005574B7
                                                                              • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 005574CE
                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 005574DB
                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0055752A
                                                                              • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00557554
                                                                              • InflateRect.USER32(?,000000FD,000000FD), ref: 00557572
                                                                              • DrawFocusRect.USER32(?,?), ref: 0055757D
                                                                              • GetSysColor.USER32(00000011), ref: 0055758E
                                                                              • SetTextColor.GDI32(?,00000000), ref: 00557596
                                                                              • DrawTextW.USER32(?,005570F5,000000FF,?,00000000), ref: 005575A8
                                                                              • SelectObject.GDI32(?,?), ref: 005575BF
                                                                              • DeleteObject.GDI32(?), ref: 005575CA
                                                                              • SelectObject.GDI32(?,?), ref: 005575D0
                                                                              • DeleteObject.GDI32(?), ref: 005575D5
                                                                              • SetTextColor.GDI32(?,?), ref: 005575DB
                                                                              • SetBkColor.GDI32(?,?), ref: 005575E5
                                                                              Similarity
                                                                              • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                              • String ID:
                                                                              • API String ID: 1996641542-0
                                                                              APIs
                                                                              • GetCursorPos.USER32(?), ref: 00551128
                                                                              • GetDesktopWindow.USER32 ref: 0055113D
                                                                              • GetWindowRect.USER32(00000000), ref: 00551144
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00551199
                                                                              • DestroyWindow.USER32(?), ref: 005511B9
                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 005511ED
                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0055120B
                                                                              • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0055121D
                                                                              • SendMessageW.USER32(00000000,00000421,?,?), ref: 00551232
                                                                              • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00551245
                                                                              • IsWindowVisible.USER32(00000000), ref: 005512A1
                                                                              • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 005512BC
                                                                              • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 005512D0
                                                                              • GetWindowRect.USER32(00000000,?), ref: 005512E8
                                                                              • MonitorFromPoint.USER32(?,?,00000002), ref: 0055130E
                                                                              • GetMonitorInfoW.USER32(00000000,?), ref: 00551328
                                                                              • CopyRect.USER32(?,?), ref: 0055133F
                                                                              • SendMessageW.USER32(00000000,00000412,00000000), ref: 005513AA
                                                                              Similarity
                                                                              • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                              • String ID: ($0$tooltips_class32
                                                                              • API String ID: 698492251-4156429822
                                                                              APIs
                                                                              • CharUpperBuffW.USER32(?,?), ref: 005502E5
                                                                              • _wcslen.LIBCMT ref: 0055031F
                                                                              • _wcslen.LIBCMT ref: 00550389
                                                                              • _wcslen.LIBCMT ref: 005503F1
                                                                              • _wcslen.LIBCMT ref: 00550475
                                                                              • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 005504C5
                                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00550504
                                                                                • Part of subcall function 004DF9F2: _wcslen.LIBCMT ref: 004DF9FD
                                                                                • Part of subcall function 0052223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00522258
                                                                                • Part of subcall function 0052223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0052228A
                                                                              Similarity
                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                              • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                              • API String ID: 1103490817-719923060
                                                                              APIs
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004D8968
                                                                              • GetSystemMetrics.USER32(00000007), ref: 004D8970
                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004D899B
                                                                              • GetSystemMetrics.USER32(00000008), ref: 004D89A3
                                                                              • GetSystemMetrics.USER32(00000004), ref: 004D89C8
                                                                              • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 004D89E5
                                                                              • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 004D89F5
                                                                              • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 004D8A28
                                                                              • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 004D8A3C
                                                                              • GetClientRect.USER32(00000000,000000FF), ref: 004D8A5A
                                                                              • GetStockObject.GDI32(00000011), ref: 004D8A76
                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 004D8A81
                                                                                • Part of subcall function 004D912D: GetCursorPos.USER32(?), ref: 004D9141
                                                                                • Part of subcall function 004D912D: ScreenToClient.USER32(00000000,?), ref: 004D915E
                                                                                • Part of subcall function 004D912D: GetAsyncKeyState.USER32(00000001), ref: 004D9183
                                                                                • Part of subcall function 004D912D: GetAsyncKeyState.USER32(00000002), ref: 004D919D
                                                                              • SetTimer.USER32(00000000,00000000,00000028,004D90FC), ref: 004D8AA8
                                                                              Similarity
                                                                              • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                              • String ID: AutoIt v3 GUI
                                                                              • API String ID: 1458621304-248962490
                                                                              APIs
                                                                                • Part of subcall function 005210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00521114
                                                                                • Part of subcall function 005210F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 00521120
                                                                                • Part of subcall function 005210F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 0052112F
                                                                                • Part of subcall function 005210F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 00521136
                                                                                • Part of subcall function 005210F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0052114D
                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00520DF5
                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00520E29
                                                                              • GetLengthSid.ADVAPI32(?), ref: 00520E40
                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 00520E7A
                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00520E96
                                                                              • GetLengthSid.ADVAPI32(?), ref: 00520EAD
                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00520EB5
                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00520EBC
                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00520EDD
                                                                              • CopySid.ADVAPI32(00000000), ref: 00520EE4
                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00520F13
                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00520F35
                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00520F47
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00520F6E
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520F75
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00520F7E
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520F85
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00520F8E
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520F95
                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00520FA1
                                                                              • HeapFree.KERNEL32(00000000), ref: 00520FA8
                                                                                • Part of subcall function 00521193: GetProcessHeap.KERNEL32(00000008,00520BB1,?,00000000,?,00520BB1,?), ref: 005211A1
                                                                                • Part of subcall function 00521193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00520BB1,?), ref: 005211A8
                                                                                • Part of subcall function 00521193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00520BB1,?), ref: 005211B7
                                                                              Similarity
                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                              • String ID:
                                                                              • API String ID: 4175595110-0
                                                                              APIs
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0054C4BD
                                                                              • RegCreateKeyExW.ADVAPI32(?,?,00000000,0055CC08,00000000,?,00000000,?,?), ref: 0054C544
                                                                              • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0054C5A4
                                                                              • _wcslen.LIBCMT ref: 0054C5F4
                                                                              • _wcslen.LIBCMT ref: 0054C66F
                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0054C6B2
                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0054C7C1
                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0054C84D
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0054C881
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0054C88E
                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0054C960
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                              • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                              • API String ID: 9721498-966354055
                                                                              • Opcode ID: 67764c501c1b2d967cc5c6482d224e9688036b203b9a221c941344e9a39db9f2
                                                                              • Instruction ID: 840bf45b145a803fad3b2b78c0d0422274b3ab3f8b7b24d84c76fbb0afaacc2c
                                                                              • Opcode Fuzzy Hash: 67764c501c1b2d967cc5c6482d224e9688036b203b9a221c941344e9a39db9f2
                                                                              • Instruction Fuzzy Hash: 2E124739604201AFC754DF15C891F6ABBE5FF88718F04885DF84A9B2A2DB35ED41CB85
                                                                              APIs
                                                                              • CharUpperBuffW.USER32(?,?), ref: 005509C6
                                                                              • _wcslen.LIBCMT ref: 00550A01
                                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00550A54
                                                                              • _wcslen.LIBCMT ref: 00550A8A
                                                                              • _wcslen.LIBCMT ref: 00550B06
                                                                              • _wcslen.LIBCMT ref: 00550B81
                                                                                • Part of subcall function 004DF9F2: _wcslen.LIBCMT ref: 004DF9FD
                                                                                • Part of subcall function 00522BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00522BFA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                              • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                              • API String ID: 1103490817-4258414348
                                                                              • Opcode ID: f5e1a784cadbca61a64ba48c875f6aff923ba92f3aa108d31ea9cfa73c9ed7ab
                                                                              • Instruction ID: db8927076c84aff178e37ecbd3ad779b4a09d0b78d3be8f9f60daf80710c3d90
                                                                              • Opcode Fuzzy Hash: f5e1a784cadbca61a64ba48c875f6aff923ba92f3aa108d31ea9cfa73c9ed7ab
                                                                              • Instruction Fuzzy Hash: 2AE190352083019FC714EF25C4A092ABBE1BF98359F14495EFC966B3A2D735ED49CB81
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$BuffCharUpper
                                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                              • API String ID: 1256254125-909552448
                                                                              • Opcode ID: b3eca16c74d6aa45f7e9e8c70b77ecebb6769698b000152d8ffee7f4ef52a501
                                                                              • Instruction ID: 26489f321abb2e09fa0db13bc03aee7b1d5a2d9393fbdb0eb02765466245ca75
                                                                              • Opcode Fuzzy Hash: b3eca16c74d6aa45f7e9e8c70b77ecebb6769698b000152d8ffee7f4ef52a501
                                                                              • Instruction Fuzzy Hash: 5271153260112A8BCB60DE7AC8515FA3F91FFE475CB650529FC66A7284EA35CD44C3A0
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 0055835A
                                                                              • _wcslen.LIBCMT ref: 0055836E
                                                                              • _wcslen.LIBCMT ref: 00558391
                                                                              • _wcslen.LIBCMT ref: 005583B4
                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 005583F2
                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00555BF2), ref: 0055844E
                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00558487
                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 005584CA
                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00558501
                                                                              • FreeLibrary.KERNEL32(?), ref: 0055850D
                                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0055851D
                                                                              • DestroyIcon.USER32(?,?,?,?,?,00555BF2), ref: 0055852C
                                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00558549
                                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00558555
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                              • String ID: .dll$.exe$.icl
                                                                              • API String ID: 799131459-1154884017
                                                                              • Opcode ID: c341b64fdc5ad7af8f7ed8785c7398de9d97a27680840dd62c717e3ce739e784
                                                                              • Instruction ID: a39534ea7d18975dcafa9ed9dc0fb22b732ab1fd2a2676244e0208afc472a626
                                                                              • Opcode Fuzzy Hash: c341b64fdc5ad7af8f7ed8785c7398de9d97a27680840dd62c717e3ce739e784
                                                                              • Instruction Fuzzy Hash: 6361D071500305FEEB14DF65CC91BBE7BA8BB08726F10450AFD15E61D1EB74A988DBA0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                              • API String ID: 0-1645009161
                                                                              • Opcode ID: 83b9f4cd6b5a67c06ee19d5c8b975e57bf7fd6ea35b7c76c7ec8069ca7179d2a
                                                                              • Instruction ID: b6a186dde7b73e86c147669d79e9b501bff4ade209b4e216c5fe1da654262723
                                                                              • Opcode Fuzzy Hash: 83b9f4cd6b5a67c06ee19d5c8b975e57bf7fd6ea35b7c76c7ec8069ca7179d2a
                                                                              • Instruction Fuzzy Hash: F2810A75604205BBDB60AF65CC52FAF3BA4BF15304F04402FF905AB292EB78D915CBA9
                                                                              APIs
                                                                              • CharLowerBuffW.USER32(?,?), ref: 00533EF8
                                                                              • _wcslen.LIBCMT ref: 00533F03
                                                                              • _wcslen.LIBCMT ref: 00533F5A
                                                                              • _wcslen.LIBCMT ref: 00533F98
                                                                              • GetDriveTypeW.KERNEL32(?), ref: 00533FD6
                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0053401E
                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00534059
                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00534087
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                              • API String ID: 1839972693-4113822522
                                                                              • Opcode ID: aef11a9390047fb5c24b8dfb94c3f6b3814a4195ba7cc2bce94cb32a529f3cf0
                                                                              • Instruction ID: e6bd6f9527b39f1302a39c0a6ebebcc5bba4b0abf2f0b17a523b8fcbf525a24e
                                                                              • Opcode Fuzzy Hash: aef11a9390047fb5c24b8dfb94c3f6b3814a4195ba7cc2bce94cb32a529f3cf0
                                                                              • Instruction Fuzzy Hash: D471E2766043029FC310EF25C88196ABBF4FF94758F40492EF896A7261EB38ED45CB91
                                                                              APIs
                                                                              • LoadIconW.USER32(00000063), ref: 00525A2E
                                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00525A40
                                                                              • SetWindowTextW.USER32(?,?), ref: 00525A57
                                                                              • GetDlgItem.USER32(?,000003EA), ref: 00525A6C
                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00525A72
                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00525A82
                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00525A88
                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00525AA9
                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00525AC3
                                                                              • GetWindowRect.USER32(?,?), ref: 00525ACC
                                                                              • _wcslen.LIBCMT ref: 00525B33
                                                                              • SetWindowTextW.USER32(?,?), ref: 00525B6F
                                                                              • GetDesktopWindow.USER32 ref: 00525B75
                                                                              • GetWindowRect.USER32(00000000), ref: 00525B7C
                                                                              • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00525BD3
                                                                              • GetClientRect.USER32(?,?), ref: 00525BE0
                                                                              • PostMessageW.USER32(?,00000005,00000000,?), ref: 00525C05
                                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00525C2F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                              • String ID:
                                                                              • API String ID: 895679908-0
                                                                              • Opcode ID: 403a4509ea849b826f35ded119fe2f83fe876eed4d66494bcc80cde4dd9fe984
                                                                              • Instruction ID: bde9b7c4df3aa807276afa03ce345564d68e49cc69b71d17b6f25070b4bbfb85
                                                                              • Opcode Fuzzy Hash: 403a4509ea849b826f35ded119fe2f83fe876eed4d66494bcc80cde4dd9fe984
                                                                              • Instruction Fuzzy Hash: DB718E31900B19AFDB20DFA8DE89A6EBFF5FF48705F104918E583A25A0E774E944DB50
                                                                              APIs
                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 0053FE27
                                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 0053FE32
                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0053FE3D
                                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 0053FE48
                                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 0053FE53
                                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 0053FE5E
                                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 0053FE69
                                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 0053FE74
                                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 0053FE7F
                                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 0053FE8A
                                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 0053FE95
                                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 0053FEA0
                                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 0053FEAB
                                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 0053FEB6
                                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 0053FEC1
                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 0053FECC
                                                                              • GetCursorInfo.USER32(?), ref: 0053FEDC
                                                                              • GetLastError.KERNEL32 ref: 0053FF1E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Cursor$Load$ErrorInfoLast
                                                                              • String ID:
                                                                              • API String ID: 3215588206-0
                                                                              • Opcode ID: f987f56733ba2694ca978e8e61c26b3955ef39a9e17220e22fef4bdb7f2abf90
                                                                              • Instruction ID: 24afc0cf1edb86f3e513809bbdd3398654f24b44de1c61230346b008f4f17066
                                                                              • Opcode Fuzzy Hash: f987f56733ba2694ca978e8e61c26b3955ef39a9e17220e22fef4bdb7f2abf90
                                                                              • Instruction Fuzzy Hash: 744122B0D043196ADB109FBA8C89C5EBFE8FF04754B50452AE51DE7291DB78E901CF91
                                                                              APIs
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[X
                                                                              • API String ID: 176396367-2240712376
                                                                              • Opcode ID: 93c745c2ca23716bfe8fc05ee191298fa1b0aeccec626d88ef1eefbe6372ccc4
                                                                              • Instruction ID: 4115b29783d3b989160c3cc6bc7ca8bfa184d9a4e9a0d8e788e52068e863f1ef
                                                                              • Opcode Fuzzy Hash: 93c745c2ca23716bfe8fc05ee191298fa1b0aeccec626d88ef1eefbe6372ccc4
                                                                              • Instruction Fuzzy Hash: 3DE1F532A005269BCF18EF64D451AEDBFB0BF55714F14855AE856B3280EB38AF85C7D0
                                                                              APIs
                                                                              • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 004E00C6
                                                                                • Part of subcall function 004E00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0059070C,00000FA0,E14519C3,?,?,?,?,005023B3,000000FF), ref: 004E011C
                                                                                • Part of subcall function 004E00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,005023B3,000000FF), ref: 004E0127
                                                                                • Part of subcall function 004E00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,005023B3,000000FF), ref: 004E0138
                                                                                • Part of subcall function 004E00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 004E014E
                                                                                • Part of subcall function 004E00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004E015C
                                                                                • Part of subcall function 004E00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004E016A
                                                                                • Part of subcall function 004E00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004E0195
                                                                                • Part of subcall function 004E00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 004E01A0
                                                                              • ___scrt_fastfail.LIBCMT ref: 004E00E7
                                                                                • Part of subcall function 004E00A3: __onexit.LIBCMT ref: 004E00A9
                                                                              Strings
                                                                              • kernel32.dll, xrefs: 004E0133
                                                                              • InitializeConditionVariable, xrefs: 004E0148
                                                                              • SleepConditionVariableCS, xrefs: 004E0154
                                                                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 004E0122
                                                                              • WakeAllConditionVariable, xrefs: 004E0162
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                              • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                              • API String ID: 66158676-1714406822
                                                                              • Opcode ID: af5a255e6a5684a1a4108756249e293943e7787969a499a0946ae24597c1fa39
                                                                              • Instruction ID: 64b1ed0a6b91413665fd5bfb3d0fd159354a74f03ab1884b30aaf64e251888a6
                                                                              • Opcode Fuzzy Hash: af5a255e6a5684a1a4108756249e293943e7787969a499a0946ae24597c1fa39
                                                                              • Instruction Fuzzy Hash: F62129326447406FD7106BB6AC15B2E7BE4EB14B67F00052BFC11A63D1DBB89C48DA98
                                                                              APIs
                                                                              • CharLowerBuffW.USER32(00000000,00000000,0055CC08), ref: 00534527
                                                                              • _wcslen.LIBCMT ref: 0053453B
                                                                              • _wcslen.LIBCMT ref: 00534599
                                                                              • _wcslen.LIBCMT ref: 005345F4
                                                                              • _wcslen.LIBCMT ref: 0053463F
                                                                              • _wcslen.LIBCMT ref: 005346A7
                                                                                • Part of subcall function 004DF9F2: _wcslen.LIBCMT ref: 004DF9FD
                                                                              • GetDriveTypeW.KERNEL32(?,00586BF0,00000061), ref: 00534743
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: _wcslen$BuffCharDriveLowerType
                                                                              • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                              • API String ID: 2055661098-1000479233
                                                                              • Opcode ID: 7d5eae4929f193acafba094f31f4f8fbebe042160c9779486605b229b4ef448d
                                                                              • Instruction ID: e9f99d6c889050df7b7a67064753e965c5282973dfa5a7e77113bab5bc699170
                                                                              • Opcode Fuzzy Hash: 7d5eae4929f193acafba094f31f4f8fbebe042160c9779486605b229b4ef448d
                                                                              • Instruction Fuzzy Hash: DEB10E716083029FC310DF29C891A6ABBE4FFA5768F10891EF496C7291D734E845CFA2
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              • DragQueryPoint.SHELL32(?,?), ref: 00559147
                                                                                • Part of subcall function 00557674: ClientToScreen.USER32(?,?), ref: 0055769A
                                                                                • Part of subcall function 00557674: GetWindowRect.USER32(?,?), ref: 00557710
                                                                                • Part of subcall function 00557674: PtInRect.USER32(?,?,00558B89), ref: 00557720
                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 005591B0
                                                                              • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005591BB
                                                                              • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 005591DE
                                                                              • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00559225
                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0055923E
                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 00559255
                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 00559277
                                                                              • DragFinish.SHELL32(?), ref: 0055927E
                                                                              • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00559371
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                              • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#Y
                                                                              • API String ID: 221274066-1660863757
                                                                              • Opcode ID: c6f9c846b6b0a22f18d8407abb6c06fd18b5bdb4d96cf7fff18a956f45622db5
                                                                              • Instruction ID: 0fcce73d61759e5062c8dadcde291d7a89e2be220a5800717a052e664d4f8dd6
                                                                              • Opcode Fuzzy Hash: c6f9c846b6b0a22f18d8407abb6c06fd18b5bdb4d96cf7fff18a956f45622db5
                                                                              • Instruction Fuzzy Hash: E0617771108301AFC701EF65DC99EABBFE8FB98355F00092EF995971A0DB309A49CB56
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 0054B198
                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0054B1B0
                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0054B1D4
                                                                              • _wcslen.LIBCMT ref: 0054B200
                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0054B214
                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0054B236
                                                                              • _wcslen.LIBCMT ref: 0054B332
                                                                                • Part of subcall function 005305A7: GetStdHandle.KERNEL32(000000F6), ref: 005305C6
                                                                              • _wcslen.LIBCMT ref: 0054B34B
                                                                              • _wcslen.LIBCMT ref: 0054B366
                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0054B3B6
                                                                              • GetLastError.KERNEL32(00000000), ref: 0054B407
                                                                              • CloseHandle.KERNEL32(?), ref: 0054B439
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0054B44A
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0054B45C
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0054B46E
                                                                              • CloseHandle.KERNEL32(?), ref: 0054B4E3
                                                                              Similarity
                                                                              • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                              • String ID:
                                                                              • API String ID: 2178637699-0
                                                                              • Opcode ID: f5ee658d6e9089ac4a3c7fc3482ed1ef62e8aaea282f7aa20e1971f8d5f63216
                                                                              • Instruction ID: 7ef81e05430f33302689efefa418a2401a8128e2932ddfbc0147a75725fc722c
                                                                              • Opcode Fuzzy Hash: f5ee658d6e9089ac4a3c7fc3482ed1ef62e8aaea282f7aa20e1971f8d5f63216
                                                                              • Instruction Fuzzy Hash: DDF1C2355083009FD714EF25C895B6EBBE5BF85318F14895EF8895B2A2CB35EC04CB56
                                                                              APIs
                                                                              • GetMenuItemCount.USER32(00591990), ref: 00502F8D
                                                                              • GetMenuItemCount.USER32(00591990), ref: 0050303D
                                                                              • GetCursorPos.USER32(?), ref: 00503081
                                                                              • SetForegroundWindow.USER32(00000000), ref: 0050308A
                                                                              • TrackPopupMenuEx.USER32(00591990,00000000,?,00000000,00000000,00000000), ref: 0050309D
                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 005030A9
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                              • String ID: 0
                                                                              • API String ID: 36266755-4108050209
                                                                              • Opcode ID: c8cf8bcbb197a46555ac32f88adb0ab0951cc64b8f1e335cd4bd55036b8e4f97
                                                                              • Instruction ID: 9c98b9118c5d7f149b2eef66964686e6c225e825f408b8e4b8943b4ce36044a4
                                                                              • Opcode Fuzzy Hash: c8cf8bcbb197a46555ac32f88adb0ab0951cc64b8f1e335cd4bd55036b8e4f97
                                                                              • Instruction Fuzzy Hash: 4C710570640216BEEB218F64DC9EFAEBF68FF01364F204246F9256A1E0C7B1AD14DB51
                                                                              APIs
                                                                              • DestroyWindow.USER32(00000000,?), ref: 00556DEB
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00556E5F
                                                                              • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00556E81
                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00556E94
                                                                              • DestroyWindow.USER32(?), ref: 00556EB5
                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,004C0000,00000000), ref: 00556EE4
                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00556EFD
                                                                              • GetDesktopWindow.USER32 ref: 00556F16
                                                                              • GetWindowRect.USER32(00000000), ref: 00556F1D
                                                                              • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00556F35
                                                                              • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00556F4D
                                                                                • Part of subcall function 004D9944: GetWindowLongW.USER32(?,000000EB), ref: 004D9952
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                              • String ID: 0$tooltips_class32
                                                                              • API String ID: 2429346358-3619404913
                                                                              • Opcode ID: b46b927c241e87e3aaaf713dd691b68ac97e4dc2be4f682013245af1059e79eb
                                                                              • Instruction ID: 5e3041387054daab58a7dac027d8632652795fbeaa6f5b0f33420d60243df79b
                                                                              • Opcode Fuzzy Hash: b46b927c241e87e3aaaf713dd691b68ac97e4dc2be4f682013245af1059e79eb
                                                                              • Instruction Fuzzy Hash: 23717874504385AFDB21CF18DCA4FAABBE9FF99305F44091EF98987260C770A90ADB15
                                                                              APIs
                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0053C4B0
                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0053C4C3
                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0053C4D7
                                                                              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0053C4F0
                                                                              • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0053C533
                                                                              • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0053C549
                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0053C554
                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0053C584
                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0053C5DC
                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0053C5F0
                                                                              • InternetCloseHandle.WININET(00000000), ref: 0053C5FB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                              • String ID:
                                                                              • API String ID: 3800310941-3916222277
                                                                              • Opcode ID: ff00df9cb4d660ca29ab2ea4cea9f726ecdc209b23b2b00595d258b4c760c764
                                                                              • Instruction ID: 6cda99ba0b8d5f72ce2199fbf8972c21ef95064ee3f19b5e82cb89914edaab15
                                                                              • Opcode Fuzzy Hash: ff00df9cb4d660ca29ab2ea4cea9f726ecdc209b23b2b00595d258b4c760c764
                                                                              • Instruction Fuzzy Hash: 095138B1500309BFDB219F64C988AAB7FBCFB18755F00441AF946A6610EB34E948EB60
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00558592
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585A2
                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585AD
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585BA
                                                                              • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585C8
                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585D7
                                                                              • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585E0
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585E7
                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 005585F8
                                                                              • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0055FC38,?), ref: 00558611
                                                                              • GlobalFree.KERNEL32(00000000), ref: 00558621
                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00558641
                                                                              • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00558671
                                                                              • DeleteObject.GDI32(?), ref: 00558699
                                                                              • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 005586AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                              • String ID:
                                                                              • API String ID: 3840717409-0
                                                                              • Opcode ID: 1ea85394ee2e231a0183b7467093b659a581d558f8c448d365a63ebc7bc5fa31
                                                                              • Instruction ID: f36726cbffc356889c4a0dc76d155c4fa00ae22266651845ef4f0499d64343e0
                                                                              • Opcode Fuzzy Hash: 1ea85394ee2e231a0183b7467093b659a581d558f8c448d365a63ebc7bc5fa31
                                                                              • Instruction Fuzzy Hash: DB410975600308BFDB119FA5CC58EAA7FB8FF99712F104059F906EB260DB309949DB60
                                                                              APIs
                                                                              • VariantInit.OLEAUT32(00000000), ref: 00531502
                                                                              • VariantCopy.OLEAUT32(?,?), ref: 0053150B
                                                                              • VariantClear.OLEAUT32(?), ref: 00531517
                                                                              • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 005315FB
                                                                              • VarR8FromDec.OLEAUT32(?,?), ref: 00531657
                                                                              • VariantInit.OLEAUT32(?), ref: 00531708
                                                                              • SysFreeString.OLEAUT32(?), ref: 0053178C
                                                                              • VariantClear.OLEAUT32(?), ref: 005317D8
                                                                              • VariantClear.OLEAUT32(?), ref: 005317E7
                                                                              • VariantInit.OLEAUT32(00000000), ref: 00531823
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                              • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                              • API String ID: 1234038744-3931177956
                                                                              • Opcode ID: c44c51480f6d2bf53e7eacae62b18c9a698b51f93c454b4a93d8bd4396c6f8f6
                                                                              • Instruction ID: dc2393ef5b716bd635fbe5820bf3c20c61a8d43ff3cf08c55681bf7bd117638c
                                                                              • Opcode Fuzzy Hash: c44c51480f6d2bf53e7eacae62b18c9a698b51f93c454b4a93d8bd4396c6f8f6
                                                                              • Instruction Fuzzy Hash: 1DD10231A00A05EBDB109FB5E895B7DBBB5BF44704F14885AF406AB280DB34EC45DF69
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 0054C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0054B6AE,?,?), ref: 0054C9B5
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054C9F1
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA68
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA9E
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0054B6F4
                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0054B772
                                                                              • RegDeleteValueW.ADVAPI32(?,?), ref: 0054B80A
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0054B87E
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0054B89C
                                                                              • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0054B8F2
                                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0054B904
                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 0054B922
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0054B983
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0054B994
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                              • API String ID: 146587525-4033151799
                                                                              • Opcode ID: cb5bae84313ca08648e5bfbbbf14b028b856779297a476695df4f2d893420b2b
                                                                              • Instruction ID: ed26d3bf69737a8f873c8820fc8ad4209e6e277c79e679ad07553ff2a9b1cf5c
                                                                              • Opcode Fuzzy Hash: cb5bae84313ca08648e5bfbbbf14b028b856779297a476695df4f2d893420b2b
                                                                              • Instruction Fuzzy Hash: 44C18C34208201AFE714DF25C495F6ABBE5FF84318F14895DF49A8B2A2CB35ED46CB91
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 005425D8
                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005425E8
                                                                              • CreateCompatibleDC.GDI32(?), ref: 005425F4
                                                                              • SelectObject.GDI32(00000000,?), ref: 00542601
                                                                              • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0054266D
                                                                              • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 005426AC
                                                                              • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 005426D0
                                                                              • SelectObject.GDI32(?,?), ref: 005426D8
                                                                              • DeleteObject.GDI32(?), ref: 005426E1
                                                                              • DeleteDC.GDI32(?), ref: 005426E8
                                                                              • ReleaseDC.USER32(00000000,?), ref: 005426F3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                              • String ID: (
                                                                              • API String ID: 2598888154-3887548279
                                                                              • Opcode ID: 3dc33b2444e5e25c8b081e4cb62b2704bae0560e6409fe37aabf31c696e6ec47
                                                                              • Instruction ID: 517b12b5ad753a4f220fcc5e1e5296d21c19797829d42b5d1f69c6e33551da68
                                                                              • Opcode Fuzzy Hash: 3dc33b2444e5e25c8b081e4cb62b2704bae0560e6409fe37aabf31c696e6ec47
                                                                              • Instruction Fuzzy Hash: 4F61E175D00219EFCF04CFA8D888AAEBBF5FF48314F20852AE956A7250D770A941DF54
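Read as chains rather than as isolated calls, three of the records above describe recognisable techniques: the WININET record (InternetConnectW, HttpOpenRequestW, HttpSendRequestW, then HttpQueryInfoW with flag 00000005, HTTP_QUERY_CONTENT_LENGTH) performs an HTTP request and reads back the Content-Length; the GDI32 record (GetDC(NULL), CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt with the SRCCOPY raster operation 00CC0020, then GetDIBits twice, first with a NULL pixel buffer to fill in the 00000028-byte BITMAPINFOHEADER and then to copy the pixels) captures the screen into a DIB; and the ADVAPI32 record resolves RegDeleteKeyExW at run time through LoadLibraryA("advapi32.dll")/GetProcAddress and falls back to RegDeleteKeyW. The InternetQueryOptionW/InternetSetOptionW pair with option 0000001F (INTERNET_OPTION_SECURITY_FLAGS) reads and rewrites the connection's security flags, but whether the rewritten flags relax certificate checking cannot be read off the argument list and needs the disassembly. The Python below is an example added by the editor, not part of the Joe Sandbox report or of the analysed sample: it parses API lines in the report's own format into per-record call sequences and matches them against ordered chains; the chain names, the groupings and the function names (parse_records, match_signature, scan) are the editor's assumptions, not Joe Sandbox signatures, and the embedded input is constructed from lines copied out of the records above. Ordered-subsequence matching is deliberate, because the report interleaves bookkeeping calls (GetLastError, SetEvent, CloseHandle) between the calls of interest. One caveat: the report classifies the binary as a likely compiled AutoIt script, and in that case these functions are the AutoIt runtime's built-ins, present whether or not the embedded script ever calls them, so a chain hit in interpreter code shows capability, not use.

```python
import re
from collections import namedtuple

# One "• Name.MODULE(args), ref: ADDR" line as printed in the report; callee APIs carry the
# "Part of subcall function XXXX:" prefix and are flagged so they are not matched as the caller's.
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

ApiCall = namedtuple("ApiCall", "name module args ref subcall")  # args as printed, "?" = unresolved


def parse_records(text):
    """Split report text into function records (one per 'APIs' header) and parse each API line."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            records.append(current)
            continue
        m = API_LINE.match(line)
        if m and current is not None:
            args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
            current.append(ApiCall(m["name"], m["module"], args, m["ref"], bool(m["sub"])))
    return records


# Ordered chains (the editor's grouping, not Joe Sandbox signatures): each step is a set of accepted
# API names plus an optional argument predicate. Matched as an ordered subsequence, not adjacently.
SIGNATURES = {
    "wininet_http_request": [
        ({"InternetConnectW", "InternetConnectA"}, None),
        ({"HttpOpenRequestW", "HttpOpenRequestA"}, None),
        ({"HttpSendRequestW", "HttpSendRequestA"}, None),
        ({"HttpQueryInfoW", "HttpQueryInfoA"}, None),
    ],
    "gdi_screen_capture": [
        ({"GetDC"}, None),
        ({"CreateCompatibleBitmap"}, None),
        ({"CreateCompatibleDC"}, None),
        ({"SelectObject"}, None),
        ({"BitBlt", "StretchBlt"}, None),
        ({"GetDIBits"}, None),
    ],
    "registry_delete_dynamic_resolve": [
        ({"RegOpenKeyExW", "RegOpenKeyExA"}, None),
        ({"GetProcAddress"}, lambda c: "RegDeleteKeyExW" in c.args),  # resolved at run time
        ({"RegDeleteKeyW", "RegDeleteKeyA"}, None),                    # fallback export
    ],
}


def match_signature(calls, steps):
    """Return the refs of the calls satisfying each step in order, or None if the chain is incomplete."""
    matched, i = [], 0
    for call in calls:
        if call.subcall:
            continue
        names, pred = steps[i]
        if call.name in names and (pred is None or pred(call)):
            matched.append(call.ref)
            i += 1
            if i == len(steps):
                return matched
    return None


def scan(text):
    """Map each signature name to one list of matched call-site refs per record with the full chain."""
    hits = {}
    for calls in parse_records(text):
        for sig_name, steps in SIGNATURES.items():
            refs = match_signature(calls, steps)
            if refs:
                hits.setdefault(sig_name, []).append(refs)
    return hits


# Constructed input: API lines copied from three of the records above, trimmed to a few calls each.
SAMPLE_REPORT = """\
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0053C4B0
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0053C4F0
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0053C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0053C584
APIs
  • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054C9F1
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0054B772
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 0054B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0054B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0054B922
APIs
• GetDC.USER32(00000000), ref: 005425D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005425E8
• CreateCompatibleDC.GDI32(?), ref: 005425F4
• SelectObject.GDI32(00000000,?), ref: 00542601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0054266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 005426AC
"""

if __name__ == "__main__":
    for sig_name, records in scan(SAMPLE_REPORT).items():
        print(sig_name, records)
```

Running the file prints one line per matched chain with the call-site refs of the steps, which are the addresses to open in the disassembly; on a full report, feed the whole "Functions" text to scan() and it will return one hit per record in which a chain completes, so the same chain found in several functions appears as several ref lists.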
                                                                              APIs
                                                                              • ___free_lconv_mon.LIBCMT ref: 004FDAA1
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD659
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD66B
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD67D
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD68F
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD6A1
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD6B3
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD6C5
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD6D7
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD6E9
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD6FB
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD70D
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD71F
                                                                                • Part of subcall function 004FD63C: _free.LIBCMT ref: 004FD731
                                                                              • _free.LIBCMT ref: 004FDA96
                                                                                • Part of subcall function 004F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000), ref: 004F29DE
                                                                                • Part of subcall function 004F29C8: GetLastError.KERNEL32(00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000,00000000), ref: 004F29F0
                                                                              • _free.LIBCMT ref: 004FDAB8
                                                                              • _free.LIBCMT ref: 004FDACD
                                                                              • _free.LIBCMT ref: 004FDAD8
                                                                              • _free.LIBCMT ref: 004FDAFA
                                                                              • _free.LIBCMT ref: 004FDB0D
                                                                              • _free.LIBCMT ref: 004FDB1B
                                                                              • _free.LIBCMT ref: 004FDB26
                                                                              • _free.LIBCMT ref: 004FDB5E
                                                                              • _free.LIBCMT ref: 004FDB65
                                                                              • _free.LIBCMT ref: 004FDB82
                                                                              • _free.LIBCMT ref: 004FDB9A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                              • String ID:
                                                                              • API String ID: 161543041-0
                                                                              • Opcode ID: 558deacdd2c7cf1130289eb61f74e602d77c7a0a18ce8fd844d0a76db2045af3
                                                                              • Instruction ID: 07770ae29b9de540caaab803156946015578ed4017b8d024655cce18b5f1252f
                                                                              • Opcode Fuzzy Hash: 558deacdd2c7cf1130289eb61f74e602d77c7a0a18ce8fd844d0a76db2045af3
                                                                              • Instruction Fuzzy Hash: 83316EB1E442099FDB21AE35E945B7B77EAFF00314F10452FE649D7291DAB9AC40C728
                                                                              APIs
                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 0052369C
                                                                              • _wcslen.LIBCMT ref: 005236A7
                                                                              • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00523797
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 0052380C
                                                                              • GetDlgCtrlID.USER32(?), ref: 0052385D
                                                                              • GetWindowRect.USER32(?,?), ref: 00523882
                                                                              • GetParent.USER32(?), ref: 005238A0
                                                                              • ScreenToClient.USER32(00000000), ref: 005238A7
                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 00523921
                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 0052395D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                              • String ID: %s%u
                                                                              • API String ID: 4010501982-679674701
                                                                              • Opcode ID: c5d9f4043e0599b26e9327781465b737681005ac47ec4698705cb3e676eb272c
                                                                              • Instruction ID: 079c277f22af2955b03b21b861da219d499122fe805726b32cec1d6737e04b94
                                                                              • Opcode Fuzzy Hash: c5d9f4043e0599b26e9327781465b737681005ac47ec4698705cb3e676eb272c
                                                                              • Instruction Fuzzy Hash: C991D371200326AFD718DF24D894BAABBA8FF46344F004529F999C21D0DB38EA49CB91
                                                                              APIs
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 00524994
                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 005249DA
                                                                              • _wcslen.LIBCMT ref: 005249EB
                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 005249F7
                                                                              • _wcsstr.LIBVCRUNTIME ref: 00524A2C
                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 00524A64
                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 00524A9D
                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 00524AE6
                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 00524B20
                                                                              • GetWindowRect.USER32(?,?), ref: 00524B8B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                              • String ID: ThumbnailClass
                                                                              • API String ID: 1311036022-1241985126
                                                                              • Opcode ID: 1880566dbdb0da3c872c0f251f1e23ad1f2f3c98827334d3c5c9c65d3c4be96e
                                                                              • Instruction ID: 4aadb897569dc19b07293d6110d8bc917ef69db32bf64dc0831aee7ed7144be9
                                                                              • Opcode Fuzzy Hash: 1880566dbdb0da3c872c0f251f1e23ad1f2f3c98827334d3c5c9c65d3c4be96e
                                                                              • Instruction Fuzzy Hash: B791BB310043169FDB04DF14E885BAA7BE8FF86314F04846AED859A1D6EB34ED45CFA1
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00558D5A
                                                                              • GetFocus.USER32 ref: 00558D6A
                                                                              • GetDlgCtrlID.USER32(00000000), ref: 00558D75
                                                                              • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00558E1D
                                                                              • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00558ECF
                                                                              • GetMenuItemCount.USER32(?), ref: 00558EEC
                                                                              • GetMenuItemID.USER32(?,00000000), ref: 00558EFC
                                                                              • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00558F2E
                                                                              • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00558F70
                                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00558FA1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                              • String ID: 0
                                                                              • API String ID: 1026556194-4108050209
                                                                              • Opcode ID: 02f39f0272ee86521a0e1414be43e28ae211d991cd8ad8635421afd6e4af2036
                                                                              • Instruction ID: 5ef755433dab7df1a316761afa9d9dc2c96648e70a24199f1f23a126626b6f77
                                                                              • Opcode Fuzzy Hash: 02f39f0272ee86521a0e1414be43e28ae211d991cd8ad8635421afd6e4af2036
                                                                              • Instruction Fuzzy Hash: 3E818A71508301AFDB10CF24C8A5ABB7BE9FF98355F04095AFD85A7291DB70E908DBA1
                                                                              APIs
                                                                              • GetMenuItemInfoW.USER32(00591990,000000FF,00000000,00000030), ref: 0052BFAC
                                                                              • SetMenuItemInfoW.USER32(00591990,00000004,00000000,00000030), ref: 0052BFE1
                                                                              • Sleep.KERNEL32(000001F4), ref: 0052BFF3
                                                                              • GetMenuItemCount.USER32(?), ref: 0052C039
                                                                              • GetMenuItemID.USER32(?,00000000), ref: 0052C056
                                                                              • GetMenuItemID.USER32(?,-00000001), ref: 0052C082
                                                                              • GetMenuItemID.USER32(?,?), ref: 0052C0C9
                                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0052C10F
                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0052C124
                                                                              • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0052C145
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                              • String ID: 0
                                                                              • API String ID: 1460738036-4108050209
                                                                              • Opcode ID: 9890e79cac9109064d4afb83a604f83a80f40aee6591ef7f8a02f2fc1cffc214
                                                                              • Instruction ID: f974368a751c64bb16436a4cd73736c3de67f138c39fdaab7db3f3cdae4e5427
                                                                              • Opcode Fuzzy Hash: 9890e79cac9109064d4afb83a604f83a80f40aee6591ef7f8a02f2fc1cffc214
                                                                              • Instruction Fuzzy Hash: DC617CB090036AAFDB11CFA4ED89AAE7FB8FF46344F100555E811A72D2D735AD14DB60
                                                                              APIs
                                                                              • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0052DC20
                                                                              • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0052DC46
                                                                              • _wcslen.LIBCMT ref: 0052DC50
                                                                              • _wcsstr.LIBVCRUNTIME ref: 0052DCA0
                                                                              • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0052DCBC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                              • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                              • API String ID: 1939486746-1459072770
                                                                              • Opcode ID: 5f53f03f5a8bd10a1df3047c6fc5438529583c1751bb50e2abcfbdacb25641b0
                                                                              • Instruction ID: 2c51e612ae1e7e9017fec3ed47d9697dfc384b4e521290060c117e73c3ae213c
                                                                              • Opcode Fuzzy Hash: 5f53f03f5a8bd10a1df3047c6fc5438529583c1751bb50e2abcfbdacb25641b0
                                                                              • Instruction Fuzzy Hash: 784125729403107ADB10A7629C07EBF7BBCEF56725F10006FF901A61C2EA68990497B8
                                                                              APIs
                                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0054CC64
                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0054CC8D
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0054CD48
                                                                                • Part of subcall function 0054CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0054CCAA
                                                                                • Part of subcall function 0054CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0054CCBD
                                                                                • Part of subcall function 0054CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0054CCCF
                                                                                • Part of subcall function 0054CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0054CD05
                                                                                • Part of subcall function 0054CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0054CD28
                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 0054CCF3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                              • API String ID: 2734957052-4033151799
                                                                              • Opcode ID: 562ebeeb63cfa076918c57e6a536536625a1c0d3e0ac9ae08c0843a8ff18ef2f
                                                                              • Instruction ID: d4cbd5c6117db95af9df4462715a76e37a5be0804bacbac03da2e638cbac8a64
                                                                              • Opcode Fuzzy Hash: 562ebeeb63cfa076918c57e6a536536625a1c0d3e0ac9ae08c0843a8ff18ef2f
                                                                              • Instruction Fuzzy Hash: DD318E71902229BFDB209B50DC98EFFBF7CFF95755F000165A905E6250DA309E49EAA0
                                                                              APIs
                                                                              • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00533D40
                                                                              • _wcslen.LIBCMT ref: 00533D6D
                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 00533D9D
                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00533DBE
                                                                              • RemoveDirectoryW.KERNEL32(?), ref: 00533DCE
                                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00533E55
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00533E60
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00533E6B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                              • String ID: :$\$\??\%s
                                                                              • API String ID: 1149970189-3457252023
                                                                              • Opcode ID: faa73633dd43b656510b13c46e3b9e20d9d00446be6646e1fb9a020177fbda0e
                                                                              • Instruction ID: 6b6ae9dfc2a9df2c1dd3352e38a6237928748e3ed699d99cd2c204a51e1c89d6
                                                                              • Opcode Fuzzy Hash: faa73633dd43b656510b13c46e3b9e20d9d00446be6646e1fb9a020177fbda0e
                                                                              • Instruction Fuzzy Hash: D031B4B5900209ABDB219BA1DC49FEF3BBCFF88741F1044B6F505D6060E77497848B24
                                                                              APIs
                                                                              • timeGetTime.WINMM ref: 0052E6B4
                                                                                • Part of subcall function 004DE551: timeGetTime.WINMM(?,?,0052E6D4), ref: 004DE555
                                                                              • Sleep.KERNEL32(0000000A), ref: 0052E6E1
                                                                              • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0052E705
                                                                              • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0052E727
                                                                              • SetActiveWindow.USER32 ref: 0052E746
                                                                              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0052E754
                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 0052E773
                                                                              • Sleep.KERNEL32(000000FA), ref: 0052E77E
                                                                              • IsWindow.USER32 ref: 0052E78A
                                                                              • EndDialog.USER32(00000000), ref: 0052E79B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                              • String ID: BUTTON
                                                                              • API String ID: 1194449130-3405671355
                                                                              • Opcode ID: 7c827bd197f7e1108c4e091aa2cf7e09994f8c973e9e2792ced4c8a83daa4bbd
                                                                              • Instruction ID: 18faf22e11b344dad9a5b485deff611fcf5a1bba880767d362779df1ca0e2540
                                                                              • Opcode Fuzzy Hash: 7c827bd197f7e1108c4e091aa2cf7e09994f8c973e9e2792ced4c8a83daa4bbd
                                                                              • Instruction Fuzzy Hash: 0A21A170204351BFEB005F61FD9AA253F69FB7634AF150426F402816E2DF71AC08AA24
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0052EA5D
                                                                              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0052EA73
                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0052EA84
                                                                              • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0052EA96
                                                                              • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0052EAA7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: SendString$_wcslen
                                                                              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                              • API String ID: 2420728520-1007645807
                                                                              • Opcode ID: b76c93bff89fd49f4b08b55cf3603b182baca5c90a75863e61e4fc5de3157030
                                                                              • Instruction ID: b74d0e134a87f64fae0336f8df90092c3c259128971f1f0ec59b6b05dbac48b2
                                                                              • Opcode Fuzzy Hash: b76c93bff89fd49f4b08b55cf3603b182baca5c90a75863e61e4fc5de3157030
                                                                              • Instruction Fuzzy Hash: BE114F25A5026979D720B7A2EC4BEFF6E7CFFD2B04F40042EB811A20D1EB700905C6B0
APIs
• GetDlgItem.USER32(?,00000001), ref: 00525CE2
• GetWindowRect.USER32(00000000,?), ref: 00525CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00525D59
• GetDlgItem.USER32(?,00000002), ref: 00525D69
• GetWindowRect.USER32(00000000,?), ref: 00525D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00525DCF
• GetDlgItem.USER32(?,000003E9), ref: 00525DDD
• GetWindowRect.USER32(00000000,?), ref: 00525DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00525E31
• GetDlgItem.USER32(?,000003EA), ref: 00525E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00525E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00525E67
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 9b25cf8a9467c2975526c78c65c5bc976dc051b7c3b308800361434806ce58bc
• Instruction ID: e18c36b74cf976ab9830cd8b4bdd332d91bb3ba7d85086c60b733472133fd727
• Opcode Fuzzy Hash: 9b25cf8a9467c2975526c78c65c5bc976dc051b7c3b308800361434806ce58bc
• Instruction Fuzzy Hash: 51510F71A00715AFDB18CF68DD99AAE7FB9FF58301F148129F516E6290E770AE04CB50
APIs
  • Part of subcall function 004D8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,004D8BE8,?,00000000,?,?,?,?,004D8BBA,00000000,?), ref: 004D8FC5
• DestroyWindow.USER32(?), ref: 004D8C81
• KillTimer.USER32(00000000,?,?,?,?,004D8BBA,00000000,?), ref: 004D8D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00516973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,004D8BBA,00000000,?), ref: 005169A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,004D8BBA,00000000,?), ref: 005169B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,004D8BBA,00000000), ref: 005169D4
• DeleteObject.GDI32(00000000), ref: 005169E6
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 48277f82a6fb656f74e69032a8d0b290e0b7e482d6a8d9aba88b66da2b7d8e78
• Instruction ID: 1566e80e82a7f2da3e14e212572847cc14630c34041c4dd43344bc27c4611f1e
• Opcode Fuzzy Hash: 48277f82a6fb656f74e69032a8d0b290e0b7e482d6a8d9aba88b66da2b7d8e78
• Instruction Fuzzy Hash: E561BD30112B11DFDB219F14CA68B7A7BF1FB60712F10441FE0429AAA0CB39A8C5EF59
APIs
  • Part of subcall function 004D9944: GetWindowLongW.USER32(?,000000EB), ref: 004D9952
• GetSysColor.USER32(0000000F), ref: 004D9862
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 840c719ef30906b69427b99d669a105a816635c73526442570c724fc7bd13ccd
• Instruction ID: 53410dffacf37dfab9ab6cb0cd270584d468a0fd7dae5074153ec6f0611df553
• Opcode Fuzzy Hash: 840c719ef30906b69427b99d669a105a816635c73526442570c724fc7bd13ccd
• Instruction Fuzzy Hash: A841A031104704AFDB206F389CA4BBA3B66BB16722F144657F9A2C73E1D7349C46EB15
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID:
• String ID: .N
• API String ID: 0-952250969
• Opcode ID: b291f6c588a98f680b19c432f269509b08ce0468fff152f82a6d2d338e3106f6
• Instruction ID: dbc23ccd35cf692b9c3d269c75a2dd103701045b5b0c7d1b2ab1a93cbb358efd
• Opcode Fuzzy Hash: b291f6c588a98f680b19c432f269509b08ce0468fff152f82a6d2d338e3106f6
• Instruction Fuzzy Hash: AEC1047590424DAFCB11DFA9D841BBEBBB0AF19314F04409FE614AB392CB398D45CB69
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0050F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00529717
• LoadStringW.USER32(00000000,?,0050F7F8,00000001), ref: 00529720
  • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0050F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00529742
• LoadStringW.USER32(00000000,?,0050F7F8,00000001), ref: 00529745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00529866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 4cb8f71cb40fc5704c36ea44699a476dcd0eb5b31b519b9afe8f6f78c4bbcb1f
• Instruction ID: 84a4411c256a346e496277c32da89d5a94cbbcee5a2e85f134613e56a2d81255
• Opcode Fuzzy Hash: 4cb8f71cb40fc5704c36ea44699a476dcd0eb5b31b519b9afe8f6f78c4bbcb1f
• Instruction Fuzzy Hash: F5416072800219BACF04FBE1DD86EEE7778AF55345F10042EB50172192EB396F58CB65
APIs
  • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 005207A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 005207BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 005207DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00520804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0052082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00520837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0052083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 4378cbad24df7f97f069bbef43bc6ef4170d114c501497dce1b304dab002e5d1
• Instruction ID: f8ed0f1a742ab12c681c5befac69b4f870e7a11b1acf95f273a614b3acf39d3f
• Opcode Fuzzy Hash: 4378cbad24df7f97f069bbef43bc6ef4170d114c501497dce1b304dab002e5d1
• Instruction Fuzzy Hash: 2A411976C10229ABCF15EFA5DC95DEEBB78FF14754B04412AE801A31A1EB349E14CBA0
APIs
• VariantInit.OLEAUT32(?), ref: 00543C5C
• CoInitialize.OLE32(00000000), ref: 00543C8A
• CoUninitialize.OLE32 ref: 00543C94
• _wcslen.LIBCMT ref: 00543D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00543DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00543ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00543F0E
• CoGetObject.OLE32(?,00000000,0055FB98,?), ref: 00543F2D
• SetErrorMode.KERNEL32(00000000), ref: 00543F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00543FC4
• VariantClear.OLEAUT32(?), ref: 00543FD8
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: 8a019fc849e36018d5f6df00a493148c10b266503c1480965ca12002d0e7ded8
• Instruction ID: 891fafeceff1447d1b6c200e2f477e576f7592e80f5031e284304b20110e61a1
• Opcode Fuzzy Hash: 8a019fc849e36018d5f6df00a493148c10b266503c1480965ca12002d0e7ded8
• Instruction Fuzzy Hash: 93C14771608305AFD700DF68C88496BBBE9FF89748F14491DF98A9B261D731EE09CB52
APIs
• CoInitialize.OLE32(00000000), ref: 00537AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00537B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00537BA3
• CoCreateInstance.OLE32(0055FD08,00000000,00000001,00586E6C,?), ref: 00537BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00537C74
• CoTaskMemFree.OLE32(?,?), ref: 00537CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00537D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00537D7A
• CoTaskMemFree.OLE32(00000000), ref: 00537D81
• CoTaskMemFree.OLE32(00000000), ref: 00537DD6
• CoUninitialize.OLE32 ref: 00537DDC
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 5718efff8c70560ec5221f017c17be720f57462eb91c9301405bf2aa0b00bed0
• Instruction ID: 8abc85ac8bca2078b0681c5497670d66a31e1f9faf5c031d0b1fc3703aae234e
• Opcode Fuzzy Hash: 5718efff8c70560ec5221f017c17be720f57462eb91c9301405bf2aa0b00bed0
• Instruction Fuzzy Hash: 94C12B75A04209AFCB14DF64C898DAEBBF9FF48309F148499E8159B361D731EE45CB90
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00555504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00555515
• CharNextW.USER32(00000158), ref: 00555544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00555585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0055559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 005555AC
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: d1bbbd65007c81454edc567f1503181671f78b68e2067e84df9cf4e251627191
• Instruction ID: b8904076b84a9001a5c743fb113bd4ced479b997071b9c98deb2a7d77561dda2
• Opcode Fuzzy Hash: d1bbbd65007c81454edc567f1503181671f78b68e2067e84df9cf4e251627191
• Instruction Fuzzy Hash: CB618F30900609EFDF118F94CCB59FE7FB9FB09722F104546F925AA290E7749A88DB60
                                                                              APIs
                                                                              • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0051FAAF
                                                                              • SafeArrayAllocData.OLEAUT32(?), ref: 0051FB08
                                                                              • VariantInit.OLEAUT32(?), ref: 0051FB1A
                                                                              • SafeArrayAccessData.OLEAUT32(?,?), ref: 0051FB3A
                                                                              • VariantCopy.OLEAUT32(?,?), ref: 0051FB8D
                                                                              • SafeArrayUnaccessData.OLEAUT32(?), ref: 0051FBA1
                                                                              • VariantClear.OLEAUT32(?), ref: 0051FBB6
                                                                              • SafeArrayDestroyData.OLEAUT32(?), ref: 0051FBC3
                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0051FBCC
                                                                              • VariantClear.OLEAUT32(?), ref: 0051FBDE
                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0051FBE9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                              • String ID:
                                                                              • API String ID: 2706829360-0
                                                                              • Opcode ID: da7fd1f619575009087597ce48b0b8caf46d7d31671491bc14d4c7fb74acb9c8
                                                                              • Instruction ID: 405252615a2e78d4f7082bca15a8bd2c840a53581a20a36c98ca0be78703ea51
                                                                              • Opcode Fuzzy Hash: da7fd1f619575009087597ce48b0b8caf46d7d31671491bc14d4c7fb74acb9c8
                                                                              • Instruction Fuzzy Hash: 70416E75A00219DFDF00DF64C868DEEBFB9FF58345F008469E805A7261CB34A986DBA0
                                                                              APIs
                                                                              • GetKeyboardState.USER32(?), ref: 00529CA1
                                                                              • GetAsyncKeyState.USER32(000000A0), ref: 00529D22
                                                                              • GetKeyState.USER32(000000A0), ref: 00529D3D
                                                                              • GetAsyncKeyState.USER32(000000A1), ref: 00529D57
                                                                              • GetKeyState.USER32(000000A1), ref: 00529D6C
                                                                              • GetAsyncKeyState.USER32(00000011), ref: 00529D84
                                                                              • GetKeyState.USER32(00000011), ref: 00529D96
                                                                              • GetAsyncKeyState.USER32(00000012), ref: 00529DAE
                                                                              • GetKeyState.USER32(00000012), ref: 00529DC0
                                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00529DD8
                                                                              • GetKeyState.USER32(0000005B), ref: 00529DEA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: State$Async$Keyboard
                                                                              • String ID:
                                                                              • API String ID: 541375521-0
                                                                              • Opcode ID: fceadb132b0bc0d630420783a2c572ecd469483b2d562c81269134320f0fb3bb
                                                                              • Instruction ID: 1d231b4659ee4132b5c79425407c065ebfb8a6f60a6d676216467e478c6f759d
                                                                              • Opcode Fuzzy Hash: fceadb132b0bc0d630420783a2c572ecd469483b2d562c81269134320f0fb3bb
                                                                              • Instruction Fuzzy Hash: 9E41D6745047D96DFF308664A8143B5BEA07F23344F08805ADAC6667C2EBA4ADC8D7A2
                                                                              APIs
                                                                              • WSAStartup.WSOCK32(00000101,?), ref: 005405BC
                                                                              • inet_addr.WSOCK32(?), ref: 0054061C
                                                                              • gethostbyname.WSOCK32(?), ref: 00540628
                                                                              • IcmpCreateFile.IPHLPAPI ref: 00540636
                                                                              • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005406C6
                                                                              • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 005406E5
                                                                              • IcmpCloseHandle.IPHLPAPI(?), ref: 005407B9
                                                                              • WSACleanup.WSOCK32 ref: 005407BF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                              • String ID: Ping
                                                                              • API String ID: 1028309954-2246546115
                                                                              • Opcode ID: c7b316c945d85507b2e0832f327bec3f80ead4db53a9e93316760939b04c49a8
                                                                              • Instruction ID: ba6d992369da3656c2024a4c277e0609ea748f00aafaf38228fa5a7d98282861
                                                                              • Opcode Fuzzy Hash: c7b316c945d85507b2e0832f327bec3f80ead4db53a9e93316760939b04c49a8
                                                                              • Instruction Fuzzy Hash: 4C915935604201AFD720DF15C488F5ABFE0FB4831CF2599A9E56A8B6A2C734ED45CF92
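The two chains just above are the ones a triager tends to stop on, and each only means something once its arguments are decoded: the GetAsyncKeyState/GetKeyState chain polls 0xA0 (VK_LSHIFT), 0xA1 (VK_RSHIFT), 0x11 (VK_CONTROL), 0x12 (VK_MENU) and 0x5B (VK_LWIN) and nothing else, which is a modifier-state check rather than a sweep of printable keys, and the IcmpSendEcho calls pass RequestSize 5, ReplySize 0x29 (41) and Timeout 0xFA0 (4000 ms). The Python below is an added triage helper, not part of the Joe Sandbox report or of the sample's own code: it parses the bullet lines of both blocks (the SAMPLE string is constructed from the report text above), decodes the key codes and the echo parameters, and checks the reply size against the documented minimum of sizeof(ICMP_ECHO_REPLY) + 8 + RequestSize. The 28-byte ICMP_ECHO_REPLY size is an assumption that holds for a 32-bit process, which the report's addresses indicate.

```python
import re

# Constructed input: the two function blocks from the report, whitespace trimmed.
SAMPLE = """APIs
• GetKeyboardState.USER32(?), ref: 00529CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00529D22
• GetKeyState.USER32(000000A0), ref: 00529D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00529D57
• GetKeyState.USER32(000000A1), ref: 00529D6C
• GetAsyncKeyState.USER32(00000011), ref: 00529D84
• GetKeyState.USER32(00000011), ref: 00529D96
• GetAsyncKeyState.USER32(00000012), ref: 00529DAE
• GetKeyState.USER32(00000012), ref: 00529DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00529DD8
• GetKeyState.USER32(0000005B), ref: 00529DEA
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 005405BC
• inet_addr.WSOCK32(?), ref: 0054061C
• gethostbyname.WSOCK32(?), ref: 00540628
• IcmpCreateFile.IPHLPAPI ref: 00540636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005406C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 005406E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 005407B9
• WSACleanup.WSOCK32 ref: 005407BF
• String ID: Ping
"""

# Matches '• Name.MODULE(args), ref: ADDR' and the paren-less '• Name.MODULE ref: ADDR'.
CALL_RE = re.compile(r"^•\s*(?P<name>\w+)\.\w+(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*[0-9A-Fa-f]+$")

# Modifier virtual-key codes from winuser.h.
MODIFIER_VK = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN",
               0x5C: "VK_RWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL",
               0xA3: "VK_RCONTROL", 0xA4: "VK_LMENU", 0xA5: "VK_RMENU"}
# Assumption: 32-bit build (the report's addresses are 32-bit), so sizeof(ICMP_ECHO_REPLY) is 28;
# the IcmpSendEcho documentation asks for 8 extra reply bytes to hold an ICMP error message.
ICMP_ECHO_REPLY_SIZE, ICMP_ERROR_SLACK = 28, 8

def parse_arg(tok):
    """'000000A0' -> 160, '?' -> None, a bare token such as READY stays a str."""
    tok = tok.strip()
    if tok in ("", "?"):
        return None
    try:
        return int(tok, 16)
    except ValueError:
        return tok

def parse_blocks(text):
    """One dict per 'APIs' heading: {'calls': [(name, [args]), ...], 'strings': [...]}."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"calls": [], "strings": []}
            blocks.append(cur)
        elif cur is None:
            continue
        elif (m := CALL_RE.match(line)):
            args = [parse_arg(a) for a in m.group("args").split(",")] if m.group("args") else []
            cur["calls"].append((m.group("name"), args))
        elif line.startswith("• String ID:"):
            ids = line.split(":", 1)[1].strip()
            cur["strings"] = ids.split("$") if ids else []
    return blocks

def polled_keys(block):
    """Distinct virtual-key codes passed to GetAsyncKeyState/GetKeyState, in call order."""
    keys = []
    for name, args in block["calls"]:
        if name in ("GetAsyncKeyState", "GetKeyState") and args and isinstance(args[0], int):
            if args[0] not in keys:
                keys.append(args[0])
    return keys

def is_modifier_only_poll(block):
    """True when the block polls key state, but only for modifier keys."""
    keys = polled_keys(block)
    return bool(keys) and all(k in MODIFIER_VK for k in keys)

def icmp_echo_params(block):
    """(RequestSize, ReplySize, Timeout ms) of the first IcmpSendEcho whose sizes are literal."""
    for name, args in block["calls"]:
        if name == "IcmpSendEcho" and len(args) == 8:
            req, rep, timeout = args[3], args[6], args[7]
            if all(isinstance(v, int) for v in (req, rep, timeout)):
                return req, rep, timeout
    return None

def triage(text):
    """Findings a triager wants from these two chains, one tuple per match."""
    findings = []
    for block in parse_blocks(text):
        if is_modifier_only_poll(block):
            findings.append(("modifier-state poll", [MODIFIER_VK[k] for k in polled_keys(block)]))
        params = icmp_echo_params(block)
        if params:
            req, rep, timeout = params
            findings.append(("icmp echo", {
                "request_size": req, "reply_size": rep, "timeout_ms": timeout,
                "reply_is_documented_minimum": rep == ICMP_ECHO_REPLY_SIZE + ICMP_ERROR_SLACK + req,
                "payload_strings": block["strings"]}))
    return findings
```

Running triage(SAMPLE) reports the first block as a poll of VK_LSHIFT, VK_RSHIFT, VK_CONTROL, VK_MENU and VK_LWIN only, and the second as a 5-byte echo request with a 41-byte reply buffer and a 4000 ms timeout. A 41-byte reply for a 5-byte request is exactly the documented minimum for a 32-bit caller, and a 5-byte request is consistent with the block's only string, Ping, plus its terminator. A key-state chain that never leaves the modifier set is what an input-simulation or hotkey routine looks like; a keystroke logger has to poll or hook a far wider key range. Neither fact is visible from a signature name alone, which is why the constants in these blocks are worth reading rather than just counting.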
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$BuffCharLower
                                                                              • String ID: cdecl$none$stdcall$winapi
                                                                              • API String ID: 707087890-567219261
                                                                              • Opcode ID: cc97b543baa279e07a195b0bcfdfd451c6bf61503f0c5e9173b3ee47af8b0416
                                                                              • Instruction ID: b57657fb7ec3387071059cd75395807e273572af4f1b3f74c2eb89934a980d5e
                                                                              • Opcode Fuzzy Hash: cc97b543baa279e07a195b0bcfdfd451c6bf61503f0c5e9173b3ee47af8b0416
                                                                              • Instruction Fuzzy Hash: AD51A071A001169BCF14EF6DC9409FEBBE5BF64328B20462AE826E72C5EB34DD50C790
                                                                              APIs
                                                                              • CoInitialize.OLE32 ref: 00543774
                                                                              • CoUninitialize.OLE32 ref: 0054377F
                                                                              • CoCreateInstance.OLE32(?,00000000,00000017,0055FB78,?), ref: 005437D9
                                                                              • IIDFromString.OLE32(?,?), ref: 0054384C
                                                                              • VariantInit.OLEAUT32(?), ref: 005438E4
                                                                              • VariantClear.OLEAUT32(?), ref: 00543936
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                              • API String ID: 636576611-1287834457
                                                                              • Opcode ID: 3bbc67ca57fffc8799720649725548b3ead1a84c3ef26a38d24847f0bef9b760
                                                                              • Instruction ID: 8b63a840e34aba1771aa9410fa3f806519b34f0246838abb21713be66b7c55ad
                                                                              • Opcode Fuzzy Hash: 3bbc67ca57fffc8799720649725548b3ead1a84c3ef26a38d24847f0bef9b760
                                                                              • Instruction Fuzzy Hash: 18616A74608301AFD310DF54C849BAABFE4FF49719F10081AF985972A1D770EE49CB96
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                                • Part of subcall function 004D912D: GetCursorPos.USER32(?), ref: 004D9141
                                                                                • Part of subcall function 004D912D: ScreenToClient.USER32(00000000,?), ref: 004D915E
                                                                                • Part of subcall function 004D912D: GetAsyncKeyState.USER32(00000001), ref: 004D9183
                                                                                • Part of subcall function 004D912D: GetAsyncKeyState.USER32(00000002), ref: 004D919D
                                                                              • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00558B6B
                                                                              • ImageList_EndDrag.COMCTL32 ref: 00558B71
                                                                              • ReleaseCapture.USER32 ref: 00558B77
                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00558C12
                                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00558C25
                                                                              • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00558CFF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID$p#Y
                                                                              • API String ID: 1924731296-1848690045
                                                                              • Opcode ID: adfcffc43cf9ba76fbe685be090e04ca98e4955ab4d1f87346cd36ac79841e34
                                                                              • Instruction ID: 6591984b0abff281b4d787f1c8c10a3a1c854de29d0f62805ed71a7b0312be6a
                                                                              • Opcode Fuzzy Hash: adfcffc43cf9ba76fbe685be090e04ca98e4955ab4d1f87346cd36ac79841e34
                                                                              • Instruction Fuzzy Hash: E9518C74104304AFD700DF15C86AFAA7BE4FB88755F000A2EF956672E1CB749D08CB66
                                                                              APIs
                                                                              • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 005333CF
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 005333F0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LoadString$_wcslen
                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                              • API String ID: 4099089115-3080491070
                                                                              • Opcode ID: 7c903a4df138abafe8ad05b86926a447fe22d5e4f2e643baffbe45b6d38186d7
                                                                              • Instruction ID: e19384efa35c5922188ec7a18cf256818bf17db48f54d4e5d69e3de6e866dce5
                                                                              • Opcode Fuzzy Hash: 7c903a4df138abafe8ad05b86926a447fe22d5e4f2e643baffbe45b6d38186d7
                                                                              • Instruction Fuzzy Hash: 2F51C03190021ABADF14EBE1DD46EEEBB78BF14345F10456AF405720A2EB392F58DB64
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$BuffCharUpper
                                                                              • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                              • API String ID: 1256254125-769500911
                                                                              • Opcode ID: 7cb0cb1678126ab2fe342d9aaf10b8c608ca04b820c5faa02d68af414e235a15
                                                                              • Instruction ID: 87f0da3c25e50d89446931fbe339eab7c94213da4b236ee8b4f4d055f96a47e8
                                                                              • Opcode Fuzzy Hash: 7cb0cb1678126ab2fe342d9aaf10b8c608ca04b820c5faa02d68af414e235a15
                                                                              • Instruction Fuzzy Hash: C941E832A001379ADB106F7D98905BE7FB5FFA2798B24462AE422D72C4E735DD81C790
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 005353A0
                                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00535416
                                                                              • GetLastError.KERNEL32 ref: 00535420
                                                                              • SetErrorMode.KERNEL32(00000000,READY), ref: 005354A7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Error$Mode$DiskFreeLastSpace
                                                                              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                              • API String ID: 4194297153-14809454
                                                                              • Opcode ID: cc828718a2bb2391e7060650af48caae393654bf79e5782192a53e968c1d011b
                                                                              • Instruction ID: 80bfddb20e5f955e2e157a553722f90e22f9726db3a18e21b8b342669d81eeb8
                                                                              • Opcode Fuzzy Hash: cc828718a2bb2391e7060650af48caae393654bf79e5782192a53e968c1d011b
                                                                              • Instruction Fuzzy Hash: F531B235A006049FCB14DF68C488FAA7FB4FF45309F148069E805DB292E771DD86CB90
                                                                              APIs
                                                                              • CreateMenu.USER32 ref: 00553C79
                                                                              • SetMenu.USER32(?,00000000), ref: 00553C88
                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00553D10
                                                                              • IsMenu.USER32(?), ref: 00553D24
                                                                              • CreatePopupMenu.USER32 ref: 00553D2E
                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00553D5B
                                                                              • DrawMenuBar.USER32 ref: 00553D63
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                              • String ID: 0$F
                                                                              • API String ID: 161812096-3044882817
                                                                              • Opcode ID: 6a040470213f52c627be6adc88bb37d6f9695e97ffa9826579edab764a95f134
                                                                              • Instruction ID: 292339a8a13371764763ef667954f8dd800620bab274a804b16011c767a7b3a3
                                                                              • Opcode Fuzzy Hash: 6a040470213f52c627be6adc88bb37d6f9695e97ffa9826579edab764a95f134
                                                                              • Instruction Fuzzy Hash: 73417975A01309AFDB14CFA4D864BAA7BB5FF49381F14002AED0A97360D730AA18DF94
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 00523CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00523CCA
                                                                              • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00521F64
                                                                              • GetDlgCtrlID.USER32 ref: 00521F6F
                                                                              • GetParent.USER32 ref: 00521F8B
                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00521F8E
                                                                              • GetDlgCtrlID.USER32(?), ref: 00521F97
                                                                              • GetParent.USER32(?), ref: 00521FAB
                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00521FAE
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 711023334-1403004172
                                                                              • Opcode ID: ea0e9ec78c2a89825333b8d7e2cdfbab40da4e9707a4aee6be5bc8de98760e88
                                                                              • Instruction ID: 6d9f24aa2ca84eb103ee55dbc57306ebabfa986f0855eaec633101ff390df200
                                                                              • Opcode Fuzzy Hash: ea0e9ec78c2a89825333b8d7e2cdfbab40da4e9707a4aee6be5bc8de98760e88
                                                                              • Instruction Fuzzy Hash: 0E21A174900214BFCF04AFA4DD95EEEBFA4FF26350B00011AB9616B2D1DB385A18DB74
                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00553A9D
                                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00553AA0
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00553AC7
                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00553AEA
                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00553B62
                                                                              • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00553BAC
                                                                              • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00553BC7
                                                                              • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00553BE2
                                                                              • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00553BF6
                                                                              • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00553C13
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$LongWindow
                                                                              • String ID:
                                                                              • API String ID: 312131281-0
                                                                              • Opcode ID: eddc1d96af44fd50bf9fadaef671d32eb2ec254ed1d8a278a79cfcaebf6af435
                                                                              • Instruction ID: d6db25d4187b9635cc98ff5e9904eff003123e5e8807eab5a48b19079d6fcafe
                                                                              • Opcode Fuzzy Hash: eddc1d96af44fd50bf9fadaef671d32eb2ec254ed1d8a278a79cfcaebf6af435
                                                                              • Instruction Fuzzy Hash: 6D617C75900218AFDB11DFA8CC91EEE7BB8FF49710F10009AFA15AB291C774AE49DB50
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 0052B151
                                                                              • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0052A1E1,?,00000001), ref: 0052B165
                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 0052B16C
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0052A1E1,?,00000001), ref: 0052B17B
                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 0052B18D
                                                                              • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0052A1E1,?,00000001), ref: 0052B1A6
                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0052A1E1,?,00000001), ref: 0052B1B8
                                                                              • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0052A1E1,?,00000001), ref: 0052B1FD
                                                                              • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0052A1E1,?,00000001), ref: 0052B212
                                                                              • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0052A1E1,?,00000001), ref: 0052B21D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                              • String ID:
                                                                              • API String ID: 2156557900-0
                                                                              • Opcode ID: 39d3df749d1fa788ca46963e13719129995448a0eced59e509dfbbadd63a046f
                                                                              • Instruction ID: 0679402498745eed25dbeabc64e256893c2969dad2341d809e601cfaa4db43d0
                                                                              • Opcode Fuzzy Hash: 39d3df749d1fa788ca46963e13719129995448a0eced59e509dfbbadd63a046f
                                                                              • Instruction Fuzzy Hash: 15318979510314EFEB109F28EC58B6E7FA9BF62312F11404AFA01D6191E7B49A48DF60
                                                                              APIs
                                                                              • _free.LIBCMT ref: 004F2C94
                                                                                • Part of subcall function 004F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000), ref: 004F29DE
                                                                                • Part of subcall function 004F29C8: GetLastError.KERNEL32(00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000,00000000), ref: 004F29F0
                                                                              • _free.LIBCMT ref: 004F2CA0
                                                                              • _free.LIBCMT ref: 004F2CAB
                                                                              • _free.LIBCMT ref: 004F2CB6
                                                                              • _free.LIBCMT ref: 004F2CC1
                                                                              • _free.LIBCMT ref: 004F2CCC
                                                                              • _free.LIBCMT ref: 004F2CD7
                                                                              • _free.LIBCMT ref: 004F2CE2
                                                                              • _free.LIBCMT ref: 004F2CED
                                                                              • _free.LIBCMT ref: 004F2CFB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: 192c0c6eccb32964217a963722bcae06929c3d9eaf068f20ae81f0386d25cd55
                                                                              • Instruction ID: d74adcdacd7115a0927dd4c53cc0244e6fc5fd366dfbf18b9be36242c5038a3d
                                                                              • Opcode Fuzzy Hash: 192c0c6eccb32964217a963722bcae06929c3d9eaf068f20ae81f0386d25cd55
                                                                              • Instruction Fuzzy Hash: A81119B624000DBFCB02EF55DA42CED3BA5FF05344F4040AAFA485F222D6B5EE509B94
                                                                              APIs
                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00537FAD
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00537FC1
                                                                              • GetFileAttributesW.KERNEL32(?), ref: 00537FEB
                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00538005
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00538017
                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00538060
                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 005380B0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentDirectory$AttributesFile
                                                                              • String ID: *.*
                                                                              • API String ID: 769691225-438819550
                                                                              • Opcode ID: de32826c5c177c37d06dbd995139ddcd3808029448c46a96da424a344e00ba4f
                                                                              • Instruction ID: 1fef8838bf622024fee33981f339361793936a0ebef32db8b04ac93d03cc6f3e
                                                                              • Opcode Fuzzy Hash: de32826c5c177c37d06dbd995139ddcd3808029448c46a96da424a344e00ba4f
                                                                              • Instruction Fuzzy Hash: D48191B59083499BCB34DF25C484AAEBBE8BF88314F144C6EF885D7250DB34DD499B52
                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,000000EB), ref: 004C5C7A
                                                                                • Part of subcall function 004C5D0A: GetClientRect.USER32(?,?), ref: 004C5D30
                                                                                • Part of subcall function 004C5D0A: GetWindowRect.USER32(?,?), ref: 004C5D71
                                                                                • Part of subcall function 004C5D0A: ScreenToClient.USER32(?,?), ref: 004C5D99
                                                                              • GetDC.USER32 ref: 005046F5
                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00504708
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00504716
                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0050472B
                                                                              • ReleaseDC.USER32(?,00000000), ref: 00504733
                                                                              • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 005047C4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                              • String ID: U
                                                                              • API String ID: 4009187628-3372436214
                                                                              • Opcode ID: b30be355a18849df3ee9c519b9f23f080174cd9c84714174dd176e3a14193c93
                                                                              • Instruction ID: ab9a267ce00cf371e308c8880fd32796eee58cd623aec469fab68f886d878708
                                                                              • Opcode Fuzzy Hash: b30be355a18849df3ee9c519b9f23f080174cd9c84714174dd176e3a14193c93
                                                                              • Instruction Fuzzy Hash: 9D71DE74400205DFCF218F64C984EBE3FB5FF4A365F14426AEE565A2A6D335A882DF60
                                                                              APIs
                                                                              • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005335E4
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • LoadStringW.USER32(00592390,?,00000FFF,?), ref: 0053360A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LoadString$_wcslen
                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                              • API String ID: 4099089115-2391861430
                                                                              • Opcode ID: a9af846eeadfa61b2ac0be79346397e114b3973d9cbac46f74897899a7027a92
                                                                              • Instruction ID: 706047847d26742cd3ff34b0122a6a7323996579bce6a8a5bd5a0181725c4116
                                                                              • Opcode Fuzzy Hash: a9af846eeadfa61b2ac0be79346397e114b3973d9cbac46f74897899a7027a92
                                                                              • Instruction Fuzzy Hash: 26516D7190021ABADF15EBA1DC46EEDBB38FF14345F14412AF505721A1EB342B98DBA8
                                                                              APIs
                                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0053C272
                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0053C29A
                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0053C2CA
                                                                              • GetLastError.KERNEL32 ref: 0053C322
                                                                              • SetEvent.KERNEL32(?), ref: 0053C336
                                                                              • InternetCloseHandle.WININET(00000000), ref: 0053C341
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                              • String ID:
                                                                              • API String ID: 3113390036-3916222277
                                                                              • Opcode ID: c5a871026ce5442afb8ac9e0f13dfe909a7c79f88f1da68e08ba60eb827d890e
                                                                              • Instruction ID: bed207507e82642e9e58ddf38dc739897d289a17abbea23a9a80c833824ca6eb
                                                                              • Opcode Fuzzy Hash: c5a871026ce5442afb8ac9e0f13dfe909a7c79f88f1da68e08ba60eb827d890e
                                                                              • Instruction Fuzzy Hash: DB316BB1600308AFD7219FA58C98AAB7FFCFB59745F14891EF486A6200DB34DD099B61
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00503AAF,?,?,Bad directive syntax error,0055CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 005298BC
                                                                              • LoadStringW.USER32(00000000,?,00503AAF,?), ref: 005298C3
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00529987
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: HandleLoadMessageModuleString_wcslen
                                                                              • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                              • API String ID: 858772685-4153970271
                                                                              • Opcode ID: c3f8392397031313669744400a635fdfa599c7c20582e66d10ef03fbebc1ec39
                                                                              • Instruction ID: 734c6b538c4d79cad0bb015f9c2783a3496294c006ca6f5fd50ed9af57c86fb2
                                                                              • Opcode Fuzzy Hash: c3f8392397031313669744400a635fdfa599c7c20582e66d10ef03fbebc1ec39
                                                                              • Instruction Fuzzy Hash: 45219E3190021ABBCF11AF90DC5AEEE7B35FF18705F04441EF915720A2EB35AA68DB24
                                                                              APIs
                                                                              • GetParent.USER32 ref: 005220AB
                                                                              • GetClassNameW.USER32(00000000,?,00000100), ref: 005220C0
                                                                              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0052214D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClassMessageNameParentSend
                                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                              • API String ID: 1290815626-3381328864
                                                                              • Opcode ID: baf47e282a4f29f104176658ec35257dbb214b7e961663c2bab9c36822f8d1cb
                                                                              • Instruction ID: 56d52915bd9231ecec89ad181c55865bfa68f770999718376681b3219b81d40f
                                                                              • Opcode Fuzzy Hash: baf47e282a4f29f104176658ec35257dbb214b7e961663c2bab9c36822f8d1cb
                                                                              • Instruction Fuzzy Hash: E5113A7E688316B9F6017221EC06DE63F9CFF1632AF20002AFB05B40D1FE6558259618
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                              • String ID:
                                                                              • API String ID: 1282221369-0
                                                                              • Opcode ID: da5d9aadaf06c910dcbc8230090c35822a9847b1e6217bb614cc09fcb299ed20
                                                                              • Instruction ID: d85f282099caa2e1b53783928cb1086c541b9407df744dc76c100f9aeae915da
                                                                              • Opcode Fuzzy Hash: da5d9aadaf06c910dcbc8230090c35822a9847b1e6217bb614cc09fcb299ed20
                                                                              • Instruction Fuzzy Hash: 0B6147B1A0430DAFDB21AFB59981A7ABB95EF01314F05016FEB01972C1DA7D990197A8
                                                                              APIs
                                                                              • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00516890
                                                                              • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 005168A9
                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 005168B9
                                                                              • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 005168D1
                                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 005168F2
                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,004D8874,00000000,00000000,00000000,000000FF,00000000), ref: 00516901
                                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0051691E
                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,004D8874,00000000,00000000,00000000,000000FF,00000000), ref: 0051692D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                              • String ID:
                                                                              • API String ID: 1268354404-0
                                                                              • Opcode ID: de707ce24b6b94f270617ff190e17664f1efe6b479658f80ae5871e8792ef05f
                                                                              • Instruction ID: 630aa3a2c1d504141c14dc874c041da0abd26a2d3fb2e7aaa34b087ed51cdca0
                                                                              • Opcode Fuzzy Hash: de707ce24b6b94f270617ff190e17664f1efe6b479658f80ae5871e8792ef05f
                                                                              • Instruction Fuzzy Hash: 3F519670600309EFEB20CF28CCA5FAA7BB5FB58311F10451EF912962A0DB74A991EB44
                                                                              APIs
                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0053C182
                                                                              • GetLastError.KERNEL32 ref: 0053C195
                                                                              • SetEvent.KERNEL32(?), ref: 0053C1A9
                                                                                • Part of subcall function 0053C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0053C272
                                                                                • Part of subcall function 0053C253: GetLastError.KERNEL32 ref: 0053C322
                                                                                • Part of subcall function 0053C253: SetEvent.KERNEL32(?), ref: 0053C336
                                                                                • Part of subcall function 0053C253: InternetCloseHandle.WININET(00000000), ref: 0053C341
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                              • String ID:
                                                                              • API String ID: 337547030-0
                                                                              • Opcode ID: 5b0459b11eee32dc16aa3bf0dba27d72dfc4aabd54f48ac8ef9a41c08d150368
                                                                              • Instruction ID: 4da8965fd03ef186f819cf0f2f2637e1efcccf35e19e77a58586d0a7d45ef9d1
                                                                              • Opcode Fuzzy Hash: 5b0459b11eee32dc16aa3bf0dba27d72dfc4aabd54f48ac8ef9a41c08d150368
                                                                              • Instruction Fuzzy Hash: B9318D75200705AFDB219FA5DC48A67BFF9FF68301F00481DF996A6610D730E814EBA0
                                                                              APIs
                                                                                • Part of subcall function 00523A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00523A57
                                                                                • Part of subcall function 00523A3D: GetCurrentThreadId.KERNEL32 ref: 00523A5E
                                                                                • Part of subcall function 00523A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005225B3), ref: 00523A65
                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 005225BD
                                                                              • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 005225DB
                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 005225DF
                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 005225E9
                                                                              • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00522601
                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00522605
                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 0052260F
                                                                              • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00522623
                                                                              • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00522627
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                              • String ID:
                                                                              • API String ID: 2014098862-0
                                                                              • Opcode ID: 06d7a2f8c10a80bdd92f1e991f73ceace683e6a46fa79d33b96312f21ff55c7d
                                                                              • Instruction ID: 19e37102c08b5f79c36c2805065fbe3226b4ca0a85fa39aa81193ba77082a082
                                                                              • Opcode Fuzzy Hash: 06d7a2f8c10a80bdd92f1e991f73ceace683e6a46fa79d33b96312f21ff55c7d
                                                                              • Instruction Fuzzy Hash: F401D431390720BBFB1067699C9EF593F99EF9EB12F100012F318AE1D1C9E22448DA69
                                                                              APIs
                                                                              • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00521449,?,?,00000000), ref: 0052180C
                                                                              • HeapAlloc.KERNEL32(00000000,?,00521449,?,?,00000000), ref: 00521813
                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00521449,?,?,00000000), ref: 00521828
                                                                              • GetCurrentProcess.KERNEL32(?,00000000,?,00521449,?,?,00000000), ref: 00521830
                                                                              • DuplicateHandle.KERNEL32(00000000,?,00521449,?,?,00000000), ref: 00521833
                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00521449,?,?,00000000), ref: 00521843
                                                                              • GetCurrentProcess.KERNEL32(00521449,00000000,?,00521449,?,?,00000000), ref: 0052184B
                                                                              • DuplicateHandle.KERNEL32(00000000,?,00521449,?,?,00000000), ref: 0052184E
                                                                              • CreateThread.KERNEL32(00000000,00000000,00521874,00000000,00000000,00000000), ref: 00521868
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                              • String ID:
                                                                              • API String ID: 1957940570-0
                                                                              • Opcode ID: 37ce14b21a7b30d91c5569e15b5f4cd867b1c6480189e4be7fdedc7d1463c080
                                                                              • Instruction ID: 9e03c0e1212e0e7d77bb101044cb4df4ea4eafad6d6a517bd57bda2e631a9d08
                                                                              • Opcode Fuzzy Hash: 37ce14b21a7b30d91c5569e15b5f4cd867b1c6480189e4be7fdedc7d1463c080
                                                                              • Instruction Fuzzy Hash: C601BBB5640708BFE710ABB5DC4DF6B3FACEB99B11F014411FA05DB1A1CA709844DB20
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: __alldvrm$_strrchr
                                                                              • String ID: }}N$}}N$}}N
                                                                              • API String ID: 1036877536-2477192595
                                                                              • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                              • Instruction ID: cc099c424f02ff9d28e3f53205b8bf35e67747c97539c27b9cdd6fa4cae784dc
                                                                              • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                              • Instruction Fuzzy Hash: 39A12772E0068A9FD725CE18C8917BFBBE4EFA1354F18416FE6859B381CA3C8941C759
                                                                              APIs
                                                                                • Part of subcall function 0052D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0052D501
                                                                                • Part of subcall function 0052D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0052D50F
                                                                                • Part of subcall function 0052D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 0052D5DC
                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0054A16D
                                                                              • GetLastError.KERNEL32 ref: 0054A180
                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0054A1B3
                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 0054A268
                                                                              • GetLastError.KERNEL32(00000000), ref: 0054A273
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0054A2C4
                                                                              Similarity
                                                                              • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                              • String ID: SeDebugPrivilege
                                                                              • API String ID: 1701285019-2896544425
                                                                              • Opcode ID: 55a8d3638c5d490485d7464837c4185ac90d3aee91c927d65d2ba0b4ea562b6f
                                                                              • Instruction ID: f71497b4d7dddf942cb4562f20590a6bc8f01192327f175b6ef3f91efa43aeff
                                                                              • Opcode Fuzzy Hash: 55a8d3638c5d490485d7464837c4185ac90d3aee91c927d65d2ba0b4ea562b6f
                                                                              • Instruction Fuzzy Hash: 28619B34208242AFD760DF19C494F5ABFA1BF5431CF14849CE4668B6A3C7B6EC49DB92
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00553925
                                                                              • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0055393A
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00553954
                                                                              • _wcslen.LIBCMT ref: 00553999
                                                                              • SendMessageW.USER32(?,00001057,00000000,?), ref: 005539C6
                                                                              • SendMessageW.USER32(?,00001061,?,0000000F), ref: 005539F4
                                                                              Similarity
                                                                              • API ID: MessageSend$Window_wcslen
                                                                              • String ID: SysListView32
                                                                              • API String ID: 2147712094-78025650
                                                                              • Opcode ID: b5a89c7fde7da0b2a17f4a5b60eab134a26ee4f79738bb77faa693faca07d012
                                                                              • Instruction ID: f5835bae9504582b307ee883f9a39f8952d379f03176edf34d656c653c389e10
                                                                              • Opcode Fuzzy Hash: b5a89c7fde7da0b2a17f4a5b60eab134a26ee4f79738bb77faa693faca07d012
                                                                              • Instruction Fuzzy Hash: E641C671900319ABDF219F64CC55BEA7FA9FF08355F100526F958E7181D7719E88CB90
                                                                              APIs
                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0052BCFD
                                                                              • IsMenu.USER32(00000000), ref: 0052BD1D
                                                                              • CreatePopupMenu.USER32 ref: 0052BD53
                                                                              • GetMenuItemCount.USER32(01114978), ref: 0052BDA4
                                                                              • InsertMenuItemW.USER32(01114978,?,00000001,00000030), ref: 0052BDCC
                                                                              Similarity
                                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                              • String ID: 0$2
                                                                              • API String ID: 93392585-3793063076
                                                                              • Opcode ID: ec83c98d92b613beaa79c8a6107dcdd297d1cb8c230fac38f7251aa1529d0437
                                                                              • Instruction ID: de2ba59fe4ab5458e2c10cdcd6ad5f6c40ecab6915cb067f8cf18db7c39adbf2
                                                                              • Opcode Fuzzy Hash: ec83c98d92b613beaa79c8a6107dcdd297d1cb8c230fac38f7251aa1529d0437
                                                                              • Instruction Fuzzy Hash: 1051AF70A003259BEF10CFA8E888BEEBFF4BF56314F144559E451A72D1E7709945CB51
                                                                              APIs
                                                                              • _ValidateLocalCookies.LIBCMT ref: 004E2D4B
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 004E2D53
                                                                              • _ValidateLocalCookies.LIBCMT ref: 004E2DE1
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 004E2E0C
                                                                              • _ValidateLocalCookies.LIBCMT ref: 004E2E61
                                                                              Similarity
                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                              • String ID: &HN$csm
                                                                              • API String ID: 1170836740-1309365568
                                                                              • Opcode ID: ce5a2a98a1490fd9094e61bd688e95be54718ecee6fa34a59eeed0c36d2d5a9d
                                                                              • Instruction ID: f8aed50a3c4223220762cdf10cab44ac1ca3f53967a4f892d355491eb968f08f
                                                                              • Opcode Fuzzy Hash: ce5a2a98a1490fd9094e61bd688e95be54718ecee6fa34a59eeed0c36d2d5a9d
                                                                              • Instruction Fuzzy Hash: 04410634E00248DBCF10DF6ACD44A9FBBB8BF4431AF148157E9146B392D7B99A05CB94
                                                                              APIs
                                                                              • LoadIconW.USER32(00000000,00007F03), ref: 0052C913
                                                                              Similarity
                                                                              • API ID: IconLoad
                                                                              • String ID: blank$info$question$stop$warning
                                                                              • API String ID: 2457776203-404129466
                                                                              • Opcode ID: c5e16e0570f3a9063aeb69cb9df4bf9cebd1ac0ded211bc0d79c782d60254c9a
                                                                              • Instruction ID: bd7040e98e2fb3d7895a91495d8e79d0ce65cc947e5fd5289b1d127b8ee61725
                                                                              • Opcode Fuzzy Hash: c5e16e0570f3a9063aeb69cb9df4bf9cebd1ac0ded211bc0d79c782d60254c9a
                                                                              • Instruction Fuzzy Hash: 96112B32789316BAA7046B55AC83CAE2F9CFF16729B10003FF900E61C3D7A46E4053AC
                                                                              Similarity
                                                                              • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                              • String ID: 0.0.0.0
                                                                              • API String ID: 642191829-3771769585
                                                                              • Opcode ID: 3cc285f1fabc318fe8b158e864bb96f04542a126f4d8549c24233b8f16f30def
                                                                              • Instruction ID: 60f347e66294b369aeaf8bd63714e713dd6c5511ab2285b04a94bd551af7ef27
                                                                              • Opcode Fuzzy Hash: 3cc285f1fabc318fe8b158e864bb96f04542a126f4d8549c24233b8f16f30def
                                                                              • Instruction Fuzzy Hash: 4E113A71800314AFCB20AB71AC0ADEE7FBCEF55326F01016EF445A60D1EF748A859A60
                                                                              Similarity
                                                                              • API ID: _wcslen$LocalTime
                                                                              • String ID:
                                                                              • API String ID: 952045576-0
                                                                              • Opcode ID: 8c7247c526313bea3524e0efe0629c9c4e22643079a1690deaeeabd7802ede54
                                                                              • Instruction ID: dabdae14fe376ffb8c0baba88fc24595702746d6a3621ad7aaf05cb63c467710
                                                                              • Opcode Fuzzy Hash: 8c7247c526313bea3524e0efe0629c9c4e22643079a1690deaeeabd7802ede54
                                                                              • Instruction Fuzzy Hash: 4841A565C1025875CB11EBF6888A9CF77ACAF45310F5148ABE614F3162FB38D245C3E9
                                                                              APIs
                                                                              • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0051682C,00000004,00000000,00000000), ref: 004DF953
                                                                              • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0051682C,00000004,00000000,00000000), ref: 0051F3D1
                                                                              • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0051682C,00000004,00000000,00000000), ref: 0051F454
                                                                              Similarity
                                                                              • API ID: ShowWindow
                                                                              • String ID:
                                                                              • API String ID: 1268545403-0
                                                                              • Opcode ID: 09f39ccf1a14a872efcb52a13fa0d2e44d9bfe6403a4bd2fa0967fd594b35692
                                                                              • Instruction ID: 264d63fa656124fb184aa1caa7ac1f506e8eface68c3fbb8f9b7ecc4dc65af80
                                                                              • Opcode Fuzzy Hash: 09f39ccf1a14a872efcb52a13fa0d2e44d9bfe6403a4bd2fa0967fd594b35692
                                                                              • Instruction Fuzzy Hash: B1416AB0A08780BED7388B2988B876B7F91BB56314F14447FE04B56760C779A8C8DB19
                                                                              APIs
                                                                              • DeleteObject.GDI32(00000000), ref: 00552D1B
                                                                              • GetDC.USER32(00000000), ref: 00552D23
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00552D2E
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00552D3A
                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00552D76
                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00552D87
                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00555A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00552DC2
                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00552DE1
                                                                              Similarity
                                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                              • String ID:
                                                                              • API String ID: 3864802216-0
                                                                              • Opcode ID: dab2f0cb6be617f4aa4e7c9cd8dd764fa83019fdf93d6c31801f8330af3e2090
                                                                              • Instruction ID: 0df4fe57a163e7b5ef1e662eae81a9a774aefff106f165bf2e9b3cd0c158fc31
                                                                              • Opcode Fuzzy Hash: dab2f0cb6be617f4aa4e7c9cd8dd764fa83019fdf93d6c31801f8330af3e2090
                                                                              • Instruction Fuzzy Hash: 87316B72201314BFEB118F548C9AFEB3FA9FB1A716F044056FE089A291C6759C55CBA4
                                                                              Similarity
                                                                              • API ID: _memcmp
                                                                              Similarity
                                                                              • String ID: NULL Pointer assignment$Not an Object type
                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,005017FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 005015CE
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,005017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00501651
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,005017FB,?,005017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 005016E4
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,005017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 005016FB
                                                                                • Part of subcall function 004F3820: RtlAllocateHeap.NTDLL(00000000,?,00591444,?,004DFDF5,?,?,004CA976,00000010,00591440,004C13FC,?,004C13C6,?,004C1129), ref: 004F3852
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,005017FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00501777
                                                                              • __freea.LIBCMT ref: 005017A2
                                                                              • __freea.LIBCMT ref: 005017AE
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                              Similarity
                                                                              • API ID: Variant$ClearInit
                                                                              • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                              APIs
                                                                              • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0053125C
                                                                              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00531284
                                                                              • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 005312A8
                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005312D8
                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0053135F
                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 005313C4
                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00531430
                                                                              Similarity
                                                                              • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                              Similarity
                                                                              • API ID: ObjectSelect$BeginCreatePath
                                                                              APIs
                                                                              • VariantInit.OLEAUT32(?), ref: 0054396B
                                                                              • CharUpperBuffW.USER32(?,?), ref: 00543A7A
                                                                              • _wcslen.LIBCMT ref: 00543A8A
                                                                              • VariantClear.OLEAUT32(?), ref: 00543C1F
                                                                                • Part of subcall function 00530CDF: VariantInit.OLEAUT32(00000000), ref: 00530D1F
                                                                                • Part of subcall function 00530CDF: VariantCopy.OLEAUT32(?,?), ref: 00530D28
                                                                                • Part of subcall function 00530CDF: VariantClear.OLEAUT32(?), ref: 00530D34
                                                                              Similarity
                                                                              • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                              • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                              APIs
                                                                                • Part of subcall function 0052000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?,?,?,0052035E), ref: 0052002B
                                                                                • Part of subcall function 0052000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?,?), ref: 00520046
                                                                                • Part of subcall function 0052000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?,?), ref: 00520054
                                                                                • Part of subcall function 0052000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?), ref: 00520064
                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00544C51
                                                                              • _wcslen.LIBCMT ref: 00544D59
                                                                              • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00544DCF
                                                                              • CoTaskMemFree.OLE32(?), ref: 00544DDA
                                                                              Similarity
                                                                              • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                              • String ID: NULL Pointer assignment
                                                                              APIs
                                                                              • GetMenu.USER32(?), ref: 00552183
                                                                              • GetMenuItemCount.USER32(00000000), ref: 005521B5
                                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 005521DD
                                                                              • _wcslen.LIBCMT ref: 00552213
                                                                              • GetMenuItemID.USER32(?,?), ref: 0055224D
                                                                              • GetSubMenu.USER32(?,?), ref: 0055225B
                                                                                • Part of subcall function 00523A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00523A57
                                                                                • Part of subcall function 00523A3D: GetCurrentThreadId.KERNEL32 ref: 00523A5E
                                                                                • Part of subcall function 00523A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005225B3), ref: 00523A65
                                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 005522E3
                                                                                • Part of subcall function 0052E97B: Sleep.KERNEL32 ref: 0052E9F3
                                                                              Similarity
                                                                              • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                              APIs
                                                                              • IsWindow.USER32(011146A8), ref: 00557F37
                                                                              • IsWindowEnabled.USER32(011146A8), ref: 00557F43
                                                                              • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0055801E
                                                                              • SendMessageW.USER32(011146A8,000000B0,?,?), ref: 00558051
                                                                              • IsDlgButtonChecked.USER32(?,?), ref: 00558089
                                                                              • GetWindowLongW.USER32(011146A8,000000EC), ref: 005580AB
                                                                              • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 005580C3
                                                                              Similarity
                                                                              • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                              APIs
                                                                              • GetParent.USER32(?), ref: 0052AEF9
                                                                              • GetKeyboardState.USER32(?), ref: 0052AF0E
                                                                              • SetKeyboardState.USER32(?), ref: 0052AF6F
                                                                              • PostMessageW.USER32(?,00000101,00000010,?), ref: 0052AF9D
                                                                              • PostMessageW.USER32(?,00000101,00000011,?), ref: 0052AFBC
                                                                              • PostMessageW.USER32(?,00000101,00000012,?), ref: 0052AFFD
                                                                              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0052B020
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                              • String ID:
                                                                              • API String ID: 87235514-0
                                                                              • Opcode ID: 8aa690105c0328ae4b105b0e2aea474cf1c1e3997d1625610468ddfc048f117e
                                                                              • Instruction ID: a306264f6e335f00007f46941b3a99c601b5a10e099a477c2872f22908e4da69
                                                                              • Opcode Fuzzy Hash: 8aa690105c0328ae4b105b0e2aea474cf1c1e3997d1625610468ddfc048f117e
                                                                              • Instruction Fuzzy Hash: 1E51C1A06047E53EFB3782349949BBABFE96F07304F088589E1E9558C3D398ADC8D751
                                                                              APIs
                                                                              • GetParent.USER32(00000000), ref: 0052AD19
                                                                              • GetKeyboardState.USER32(?), ref: 0052AD2E
                                                                              • SetKeyboardState.USER32(?), ref: 0052AD8F
                                                                              • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0052ADBB
                                                                              • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0052ADD8
                                                                              • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0052AE17
                                                                              • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0052AE38
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                              • String ID:
                                                                              • API String ID: 87235514-0
                                                                              • Opcode ID: 83eaf832281caa28e00e03d088a33eefe3df311587fa8c4da68b4cf653685e7b
                                                                              • Instruction ID: 9a5a788593c596cb779e3754e075862506253e5c2143430f114be0a8ca622bc9
                                                                              • Opcode Fuzzy Hash: 83eaf832281caa28e00e03d088a33eefe3df311587fa8c4da68b4cf653685e7b
                                                                              • Instruction Fuzzy Hash: 8A51D3A15047E53EFB3783349C95B7ABEA87F47300F088488E1D55A8C2D294EC89E762
                                                                              APIs
                                                                              • GetConsoleCP.KERNEL32(00503CD6,?,?,?,?,?,?,?,?,004F5BA3,?,?,00503CD6,?,?), ref: 004F5470
                                                                              • __fassign.LIBCMT ref: 004F54EB
                                                                              • __fassign.LIBCMT ref: 004F5506
                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00503CD6,00000005,00000000,00000000), ref: 004F552C
                                                                              • WriteFile.KERNEL32(?,00503CD6,00000000,004F5BA3,00000000,?,?,?,?,?,?,?,?,?,004F5BA3,?), ref: 004F554B
                                                                              • WriteFile.KERNEL32(?,?,00000001,004F5BA3,00000000,?,?,?,?,?,?,?,?,?,004F5BA3,?), ref: 004F5584
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                              • String ID:
                                                                              • API String ID: 1324828854-0
                                                                              • Opcode ID: fe6cddb8c6dcade0e78ac45d3b0acc349d34c763fb0ee79a4a670bc4a8762ef9
                                                                              • Instruction ID: 90dc871166ecd3d17214f31baf33ac129feef042c6cf1aaef7af1062cb452b0b
                                                                              • Opcode Fuzzy Hash: fe6cddb8c6dcade0e78ac45d3b0acc349d34c763fb0ee79a4a670bc4a8762ef9
                                                                              • Instruction Fuzzy Hash: AF51E1B1A00709AFDB10CFA8D845AEEBBF9EF09300F14551BFA55E7291D7349A41CB64
                                                                              APIs
                                                                                • Part of subcall function 0054304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0054307A
                                                                                • Part of subcall function 0054304E: _wcslen.LIBCMT ref: 0054309B
                                                                              • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00541112
                                                                              • WSAGetLastError.WSOCK32 ref: 00541121
                                                                              • WSAGetLastError.WSOCK32 ref: 005411C9
                                                                              • closesocket.WSOCK32(00000000), ref: 005411F9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                              • String ID:
                                                                              • API String ID: 2675159561-0
                                                                              • Opcode ID: 86b0148c9497f482c98e6d940e93786bedd629bf27309e6cfc0f9dd2aefba026
                                                                              • Instruction ID: 5d47b676ea7e3a1e5b4a88ac6c621dd46e2c0429808affb9cb58eb46d08e9d01
                                                                              • Opcode Fuzzy Hash: 86b0148c9497f482c98e6d940e93786bedd629bf27309e6cfc0f9dd2aefba026
                                                                              • Instruction Fuzzy Hash: 7141F035600604AFDB109F64C884BEABFE9FF85368F14805DF90A9B291C774AD85CBE4
                                                                              APIs
                                                                                • Part of subcall function 0052DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0052CF22,?), ref: 0052DDFD
                                                                                • Part of subcall function 0052DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0052CF22,?), ref: 0052DE16
                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0052CF45
                                                                              • MoveFileW.KERNEL32(?,?), ref: 0052CF7F
                                                                              • _wcslen.LIBCMT ref: 0052D005
                                                                              • _wcslen.LIBCMT ref: 0052D01B
                                                                              • SHFileOperationW.SHELL32(?), ref: 0052D061
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                              • String ID: \*.*
                                                                              • API String ID: 3164238972-1173974218
                                                                              • Opcode ID: 78635e7c061b2a8a678c3a1c6c4ee965c2758d8aca11c97a72bb7e8109691901
                                                                              • Instruction ID: ac6041b5939856a04b648eb3dd1b36857c612766f64e01bc7ce0c7a9de817957
                                                                              • Opcode Fuzzy Hash: 78635e7c061b2a8a678c3a1c6c4ee965c2758d8aca11c97a72bb7e8109691901
                                                                              • Instruction Fuzzy Hash: 784189718052295FDF12EFA4DA85EDD7FB8BF49340F1000E6E545EB182EB34A648CB50
                                                                              APIs
                                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00552E1C
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00552E4F
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00552E84
                                                                              • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00552EB6
                                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00552EE0
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00552EF1
                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00552F0B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LongWindow$MessageSend
                                                                              • String ID:
                                                                              • API String ID: 2178440468-0
                                                                              • Opcode ID: f36224298f65a1e56b4346770ffa92760a4986ca9e61a95f93fd16dbed075576
                                                                              • Instruction ID: 8c7f5fc5f4ed723b86d46bb7613485a9b60632b17e98c0b18fbe9b3223ab69c9
                                                                              • Opcode Fuzzy Hash: f36224298f65a1e56b4346770ffa92760a4986ca9e61a95f93fd16dbed075576
                                                                              • Instruction Fuzzy Hash: 153117306042519FDB21CF58DCA6F653BE9FBAA712F150166F9048F2B1CB71AC48EB41
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00527769
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0052778F
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00527792
                                                                              • SysAllocString.OLEAUT32(?), ref: 005277B0
                                                                              • SysFreeString.OLEAUT32(?), ref: 005277B9
                                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 005277DE
                                                                              • SysAllocString.OLEAUT32(?), ref: 005277EC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                              • String ID:
                                                                              • API String ID: 3761583154-0
                                                                              • Opcode ID: ac29a1e0c583ee70930841a154056ff2b462d405adff02c1fd0ad0de828e8eb7
                                                                              • Instruction ID: a70e2bafe89e0b76f97081009e55a7a54ee99a1ebbd8924d18e75258a0734814
                                                                              • Opcode Fuzzy Hash: ac29a1e0c583ee70930841a154056ff2b462d405adff02c1fd0ad0de828e8eb7
                                                                              • Instruction Fuzzy Hash: 5D219C76604229AFDF10DFA8DC98CBA7BACFF0A3647088426BA15DB290D6709C458764
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00527842
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00527868
                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0052786B
                                                                              • SysAllocString.OLEAUT32 ref: 0052788C
                                                                              • SysFreeString.OLEAUT32 ref: 00527895
                                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 005278AF
                                                                              • SysAllocString.OLEAUT32(?), ref: 005278BD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                              • String ID:
                                                                              • API String ID: 3761583154-0
                                                                              • Opcode ID: 73e731d88c6d48e70c9c30dd8bf25f108d26c2d21faa8bcb0913e50df84040b1
                                                                              • Instruction ID: 0d64c1b2ce129bd6e003c8079a0faf52e9d1b44c4447a67e1f4a25fdfaac08ba
                                                                              • Opcode Fuzzy Hash: 73e731d88c6d48e70c9c30dd8bf25f108d26c2d21faa8bcb0913e50df84040b1
                                                                              • Instruction Fuzzy Hash: 58218132604228AF9F10DBA9DC98DAA7BECFF0D3617108125B915CB2A1E674DC45CB64
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(0000000C), ref: 005304F2
                                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0053052E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CreateHandlePipe
                                                                              • String ID: nul
                                                                              • API String ID: 1424370930-2873401336
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 005305C6
                                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00530601
                                                                              Similarity
                                                                              • API ID: CreateHandlePipe
                                                                              • String ID: nul
                                                                              • API String ID: 1424370930-2873401336
                                                                              APIs
                                                                                • Part of subcall function 004C600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004C604C
                                                                                • Part of subcall function 004C600E: GetStockObject.GDI32(00000011), ref: 004C6060
                                                                                • Part of subcall function 004C600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004C606A
                                                                              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00554112
                                                                              • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0055411F
                                                                              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0055412A
                                                                              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00554139
                                                                              • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00554145
                                                                              Similarity
                                                                              • API ID: MessageSend$CreateObjectStockWindow
                                                                              • String ID: Msctls_Progress32
                                                                              • API String ID: 1025951953-3636473452
                                                                              APIs
                                                                                • Part of subcall function 004FD7A3: _free.LIBCMT ref: 004FD7CC
                                                                              • _free.LIBCMT ref: 004FD82D
                                                                                • Part of subcall function 004F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000), ref: 004F29DE
                                                                                • Part of subcall function 004F29C8: GetLastError.KERNEL32(00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000,00000000), ref: 004F29F0
                                                                              • _free.LIBCMT ref: 004FD838
                                                                              • _free.LIBCMT ref: 004FD843
                                                                              • _free.LIBCMT ref: 004FD897
                                                                              • _free.LIBCMT ref: 004FD8A2
                                                                              • _free.LIBCMT ref: 004FD8AD
                                                                              • _free.LIBCMT ref: 004FD8B8
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0052DA74
                                                                              • LoadStringW.USER32(00000000), ref: 0052DA7B
                                                                              • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0052DA91
                                                                              • LoadStringW.USER32(00000000), ref: 0052DA98
                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0052DADC
                                                                              Strings
                                                                              • %s (%d) : ==> %s: %s %s, xrefs: 0052DAB9
                                                                              Similarity
                                                                              • API ID: HandleLoadModuleString$Message
                                                                              • String ID: %s (%d) : ==> %s: %s %s
                                                                              • API String ID: 4072794657-3128320259
                                                                              APIs
                                                                              • InterlockedExchange.KERNEL32(0110D350,0110D350), ref: 0053097B
                                                                              • EnterCriticalSection.KERNEL32(0110D330,00000000), ref: 0053098D
                                                                              • TerminateThread.KERNEL32(?,000001F6), ref: 0053099B
                                                                              • WaitForSingleObject.KERNEL32(?,000003E8), ref: 005309A9
                                                                              • CloseHandle.KERNEL32(?), ref: 005309B8
                                                                              • InterlockedExchange.KERNEL32(0110D350,000001F6), ref: 005309C8
                                                                              • LeaveCriticalSection.KERNEL32(0110D330), ref: 005309CF
                                                                              Similarity
                                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                              • String ID:
                                                                              • API String ID: 3495660284-0
                                                                              APIs
                                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00541DC0
                                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00541DE1
                                                                              • WSAGetLastError.WSOCK32 ref: 00541DF2
                                                                              • htons.WSOCK32(?,?,?,?,?), ref: 00541EDB
                                                                              • inet_ntoa.WSOCK32(?), ref: 00541E8C
                                                                                • Part of subcall function 005239E8: _strlen.LIBCMT ref: 005239F2
                                                                                • Part of subcall function 00543224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0053EC0C), ref: 00543240
                                                                              • _strlen.LIBCMT ref: 00541F35
                                                                              Similarity
                                                                              • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                              • String ID:
                                                                              • API String ID: 3203458085-0
                                                                              APIs
                                                                              • GetClientRect.USER32(?,?), ref: 004C5D30
                                                                              • GetWindowRect.USER32(?,?), ref: 004C5D71
                                                                              • ScreenToClient.USER32(?,?), ref: 004C5D99
                                                                              • GetClientRect.USER32(?,?), ref: 004C5ED7
                                                                              • GetWindowRect.USER32(?,?), ref: 004C5EF8
                                                                              Similarity
                                                                              • API ID: Rect$Client$Window$Screen
                                                                              • String ID:
                                                                              • API String ID: 1296646539-0
                                                                              APIs
                                                                              • __allrem.LIBCMT ref: 004F00BA
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F00D6
                                                                              • __allrem.LIBCMT ref: 004F00ED
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F010B
                                                                              • __allrem.LIBCMT ref: 004F0122
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004F0140
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                              • String ID:
                                                                              • API String ID: 1992179935-0
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,004E82D9,004E82D9,?,?,?,004F644F,00000001,00000001,8BE85006), ref: 004F6258
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,004F644F,00000001,00000001,8BE85006,?,?,?), ref: 004F62DE
                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004F63D8
                                                                              • __freea.LIBCMT ref: 004F63E5
                                                                                • Part of subcall function 004F3820: RtlAllocateHeap.NTDLL(00000000,?,00591444,?,004DFDF5,?,?,004CA976,00000010,00591440,004C13FC,?,004C13C6,?,004C1129), ref: 004F3852
                                                                              • __freea.LIBCMT ref: 004F63EE
                                                                              • __freea.LIBCMT ref: 004F6413
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1414292761-0
                                                                              • Opcode ID: 791f0e17474dd2374e997ce69bede64e4e0842a899c7fc105d6f3c2de67ab809
                                                                              • Instruction ID: d3bbe640cd830a4afe5ff9656d182624def0c184f84408adafcaa405b790b00a
                                                                              • Opcode Fuzzy Hash: 791f0e17474dd2374e997ce69bede64e4e0842a899c7fc105d6f3c2de67ab809
                                                                              • Instruction Fuzzy Hash: 6751357260021AAFEB259F64CC81EBF7BA9EF54710F16422AFE05D7240DB38DC44C669
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 0054C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0054B6AE,?,?), ref: 0054C9B5
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054C9F1
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA68
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA9E
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0054BCCA
                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0054BD25
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0054BD6A
                                                                              • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0054BD99
                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0054BDF3
                                                                              • RegCloseKey.ADVAPI32(?), ref: 0054BDFF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                              • String ID:
                                                                              • API String ID: 1120388591-0
                                                                              • Opcode ID: f3f5bae37f2e73fe6b0730f13a8dd433c9292dfaacb2d601a6db7c94a0954fc2
                                                                              • Instruction ID: 7aca9523591d154788f8b5d238b1c9d2f3130e7a3a527fa99e9aae7de8c55866
                                                                              • Opcode Fuzzy Hash: f3f5bae37f2e73fe6b0730f13a8dd433c9292dfaacb2d601a6db7c94a0954fc2
                                                                              • Instruction Fuzzy Hash: 24817C74208241AFD714DF24C895E6ABBE5FF8430CF14899DF45A4B2A2DB32ED45CB92
                                                                              APIs
                                                                              • VariantInit.OLEAUT32(00000035), ref: 0051F7B9
                                                                              • SysAllocString.OLEAUT32(00000001), ref: 0051F860
                                                                              • VariantCopy.OLEAUT32(0051FA64,00000000), ref: 0051F889
                                                                              • VariantClear.OLEAUT32(0051FA64), ref: 0051F8AD
                                                                              • VariantCopy.OLEAUT32(0051FA64,00000000), ref: 0051F8B1
                                                                              • VariantClear.OLEAUT32(?), ref: 0051F8BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$ClearCopy$AllocInitString
                                                                              • String ID:
                                                                              • API String ID: 3859894641-0
                                                                              • Opcode ID: 497ef32e0f2458f83d977dca927123840c747fc7390505e907695ee906a2bbf4
                                                                              • Instruction ID: 50ed48a3b3d3e6bc859ab787603c107c41ee48198bef967922ebd753eafa70ec
                                                                              • Opcode Fuzzy Hash: 497ef32e0f2458f83d977dca927123840c747fc7390505e907695ee906a2bbf4
                                                                              • Instruction Fuzzy Hash: EF510B35500310FBEF20BB65D895BA9BBA4FF45314F14446BE806DF291D7748C80D7A6
                                                                              APIs
                                                                                • Part of subcall function 004C7620: _wcslen.LIBCMT ref: 004C7625
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                              • GetOpenFileNameW.COMDLG32(00000058), ref: 005394E5
                                                                              • _wcslen.LIBCMT ref: 00539506
                                                                              • _wcslen.LIBCMT ref: 0053952D
                                                                              • GetSaveFileNameW.COMDLG32(00000058), ref: 00539585
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$FileName$OpenSave
                                                                              • String ID: X
                                                                              • API String ID: 83654149-3081909835
                                                                              • Opcode ID: abd742fbc62440a217abe28202898c0d1ecd10e713f08ce14a0e5ab623b97025
                                                                              • Instruction ID: 7ae4b0a492591c50cb1abfafc3b32b2ddd4e9cd184449d8eeb07fdef9ae702f3
                                                                              • Opcode Fuzzy Hash: abd742fbc62440a217abe28202898c0d1ecd10e713f08ce14a0e5ab623b97025
                                                                              • Instruction Fuzzy Hash: 57E1B2756083409FC764DF25C481F6ABBE0BF84318F04896EF8899B2A2DB74DD04CB96
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              • BeginPaint.USER32(?,?,?), ref: 004D9241
                                                                              • GetWindowRect.USER32(?,?), ref: 004D92A5
                                                                              • ScreenToClient.USER32(?,?), ref: 004D92C2
                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 004D92D3
                                                                              • EndPaint.USER32(?,?,?,?,?), ref: 004D9321
                                                                              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 005171EA
                                                                                • Part of subcall function 004D9339: BeginPath.GDI32(00000000), ref: 004D9357
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                              • String ID:
                                                                              • API String ID: 3050599898-0
                                                                              • Opcode ID: 71ca5e3d1074361ccb316028e5526617c96dfcb57e38125197d46c30f3d147a9
                                                                              • Instruction ID: cf42167df28358e7dd6796997b9d2aacfeffde1c7705538507a7d278b1cfd5f6
                                                                              • Opcode Fuzzy Hash: 71ca5e3d1074361ccb316028e5526617c96dfcb57e38125197d46c30f3d147a9
                                                                              • Instruction Fuzzy Hash: 8D41CD30104711AFD710DF28CCA4FAA7BB8EB59325F04066BF954C72A1C7349C49EB66
                                                                              APIs
                                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 0053080C
                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00530847
                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00530863
                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 005308DC
                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 005308F3
                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 00530921
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                              • String ID:
                                                                              • API String ID: 3368777196-0
                                                                              • Opcode ID: 5fcc581942a88a021e88e7067ef981e590c2305b7f12286eae20efc33c9d1b9d
                                                                              • Instruction ID: 7b6e9fbc2cee7d49cf440719f337883e96f222702b2ff34e9de270d7339b2bbb
                                                                              • Opcode Fuzzy Hash: 5fcc581942a88a021e88e7067ef981e590c2305b7f12286eae20efc33c9d1b9d
                                                                              • Instruction Fuzzy Hash: F5418B31A00305EFDF149F55DC95A6ABBB8FF04304F1040AAED04AA297DB34DE64DBA4
                                                                              APIs
                                                                              • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0051F3AB,00000000,?,?,00000000,?,0051682C,00000004,00000000,00000000), ref: 0055824C
                                                                              • EnableWindow.USER32(?,00000000), ref: 00558272
                                                                              • ShowWindow.USER32(FFFFFFFF,00000000), ref: 005582D1
                                                                              • ShowWindow.USER32(?,00000004), ref: 005582E5
                                                                              • EnableWindow.USER32(?,00000001), ref: 0055830B
                                                                              • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0055832F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Show$Enable$MessageSend
                                                                              • String ID:
                                                                              • API String ID: 642888154-0
                                                                              • Opcode ID: 7c6a1734ec9896be2d6c3c0b32f58a469d05bd249621c91ac40998e1704d0ed0
                                                                              • Instruction ID: 013e08c5b0c4d23cf6934a073cec346a29de4d2016d31d29110d309dcfb3d8bf
                                                                              • Opcode Fuzzy Hash: 7c6a1734ec9896be2d6c3c0b32f58a469d05bd249621c91ac40998e1704d0ed0
                                                                              • Instruction Fuzzy Hash: D741C434601B41AFDB12CF14CCA9BB47FE0FB19716F19416AE9089F262CB31A849DB40
                                                                              APIs
                                                                              • IsWindowVisible.USER32(?), ref: 00524C95
                                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00524CB2
                                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00524CEA
                                                                              • _wcslen.LIBCMT ref: 00524D08
                                                                              • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00524D10
                                                                              • _wcsstr.LIBVCRUNTIME ref: 00524D1A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                              • String ID:
                                                                              • API String ID: 72514467-0
                                                                              • Opcode ID: 33013412235610e1a97444c9adf1efb8b6744ea194e923b7e809926955ba98a5
                                                                              • Instruction ID: 7493b970c4e85eca403efc267e3f89013d6517874638e94dc6e0f216393c5bce
                                                                              • Opcode Fuzzy Hash: 33013412235610e1a97444c9adf1efb8b6744ea194e923b7e809926955ba98a5
                                                                              • Instruction Fuzzy Hash: 1F21D7722042207BEB259B3AAC59E7B7F9CEF46750F10402EF805DE1D2DA65DD009AA0
                                                                              APIs
                                                                                • Part of subcall function 004C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004C3A97,?,?,004C2E7F,?,?,?,00000000), ref: 004C3AC2
                                                                              • _wcslen.LIBCMT ref: 0053587B
                                                                              • CoInitialize.OLE32(00000000), ref: 00535995
                                                                              • CoCreateInstance.OLE32(0055FCF8,00000000,00000001,0055FB68,?), ref: 005359AE
                                                                              • CoUninitialize.OLE32 ref: 005359CC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                              • String ID: .lnk
                                                                              • API String ID: 3172280962-24824748
                                                                              • Opcode ID: 8277dfc634374c8b6e00fa80b80a130d0f3c6f62254d0fb85f20c5e51226b17e
                                                                              • Instruction ID: 27f3da51f29fb706685700a52441bc7dcb230fcbb2486c1d5c6569f584db96a6
                                                                              • Opcode Fuzzy Hash: 8277dfc634374c8b6e00fa80b80a130d0f3c6f62254d0fb85f20c5e51226b17e
                                                                              • Instruction Fuzzy Hash: 02D172756087019FC714DF25C494A2ABBE5FF89718F10885EF88A9B361EB31ED05CB92
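The per-function API blocks above are only useful in bulk if they can be grouped by capability: the registry function (RegConnectRegistryW, RegOpenKeyExW, RegEnumValueW), the window-text search (IsWindowVisible, SendMessageW with WM_GETTEXT, _wcsstr), the COM shortcut creation (CoCreateInstance together with the ".lnk" String ID) and the SID copy that follows (GetTokenInformation with TokenGroups, GetLengthSid, CopySid). The script below is an added triage helper, not part of the Joe Sandbox report or of its IDA plugin: it parses blocks in the line format used in this listing, keeps direct calls and "Part of subcall function" calls apart, and tags each function from a small rule table. The rule table, the tag names and the argument-position checks (TokenGroups = 2 as the second GetTokenInformation argument, WM_GETTEXT = 0x000D as the second SendMessageW argument) are assumptions chosen for this example; the sample input is a handful of lines copied from the blocks of this report, with some of the surrounding noise lines left in to show they are skipped.

```python
"""Added triage helper for the per-function 'APIs' blocks of a Joe Sandbox
listing. The RULES table is an illustrative assumption, not Joe Sandbox's own
signature logic."""
import re

# One API line, e.g.  RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0054BD25
# or (no argument list)  _wcslen.LIBCMT ref: 0053587B
API_RE = re.compile(
    r'^(?:Part of subcall function (?P<caller>[0-9A-F]{8}): )?'
    r'(?P<api>\w+)\.(?P<module>\w+)'
    r'(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$'
)

# (tag, required calls, required substring of the block's String ID).
# A required call is (api, argument index, value); index None = any arguments.
# Assumed constants: TokenGroups == 2, WM_GETTEXT == 0x000D.
RULES = [
    ('remote-registry',    [('RegConnectRegistryW', None, None)], None),
    ('registry-enum',      [('RegOpenKeyExW', None, None),
                            ('RegEnumValueW', None, None)], None),
    ('com-shortcut',       [('CoCreateInstance', None, None)], '.lnk'),
    ('token-sid-copy',     [('GetTokenInformation', 1, 2),
                            ('CopySid', None, None)], None),
    ('window-text-search', [('IsWindowVisible', None, None),
                            ('SendMessageW', 1, 0x000D),
                            ('_wcsstr', None, None)], None),
]


def parse_args(args):
    """'?,-00000001,00000000' -> [None, -1, 0]; '?' is an unresolved value."""
    out = []
    for tok in (args or '').split(','):
        try:
            out.append(int(tok.strip(), 16))
        except ValueError:
            out.append(None)
    return out if args else []


def parse_blocks(text):
    """Split the listing at each 'APIs' heading; one dict per function."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip('•').strip()
        if line == 'APIs':
            cur = {'direct': [], 'subcall': [], 'strings': []}
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            call = {'api': m['api'], 'module': m['module'],
                    'ref': m['ref'], 'args': parse_args(m['args'])}
            (cur['subcall'] if m['caller'] else cur['direct']).append(call)
        elif line.startswith('String ID:'):
            s = line[len('String ID:'):].strip()
            if s:
                cur['strings'].append(s)
    return blocks


def has_call(block, api, arg_index=None, value=None):
    """True if the function or one of its subcalls calls api, optionally
    with the given constant at the given argument position."""
    for call in block['direct'] + block['subcall']:
        if call['api'] != api:
            continue
        if arg_index is None:
            return True
        if arg_index < len(call['args']) and call['args'][arg_index] == value:
            return True
    return False


def classify(block):
    strings = ' '.join(block['strings'])
    return [tag for tag, needs, s in RULES
            if all(has_call(block, *n) for n in needs)
            and (s is None or s in strings)]


def triage(text):
    """Map each function (keyed by its lowest direct call site) to its tags."""
    result = {}
    for block in parse_blocks(text):
        if block['direct']:
            result[min(c['ref'] for c in block['direct'])] = classify(block)
    return result


# Sample input: lines copied from this report's listing (constructed subset).
SAMPLE = """\
APIs
  • Part of subcall function 0054C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0054B6AE,?,?), ref: 0054C9B5
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0054BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0054BD25
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0054BD99
• RegCloseKey.ADVAPI32(?), ref: 0054BDFF
Similarity
• String ID:
• API String ID: 1120388591-0
APIs
• IsWindowVisible.USER32(?), ref: 00524C95
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00524CEA
• _wcsstr.LIBVCRUNTIME ref: 00524D1A
APIs
  • Part of subcall function 004C3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,004C3A97,?,?,004C2E7F,?,?,?,00000000), ref: 004C3AC2
• _wcslen.LIBCMT ref: 0053587B
• CoCreateInstance.OLE32(0055FCF8,00000000,00000001,0055FB68,?), ref: 005359AE
• CoUninitialize.OLE32 ref: 005359CC
Strings
• String ID: .lnk
APIs
  • Part of subcall function 00520FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00520FCA
• GetLengthSid.ADVAPI32(?,00000000,00521335), ref: 005217AE
• CopySid.ADVAPI32(00000000,00000000,?), ref: 005217DA
"""

if __name__ == '__main__':
    for func, tags in triage(SAMPLE).items():
        print(func, ', '.join(tags) or '-')
```

Argument values in the listing are resolved only where the plugin could recover a constant; a "?" is kept as None so a rule that needs a specific constant (the TokenGroups class, the WM_GETTEXT message) does not fire on an unresolved call. Feeding the whole listing through triage() instead of the sample gives one tag list per function, which is a quicker way to find the few functions worth opening in the disassembler than reading the blocks one by one.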
                                                                              APIs
                                                                                • Part of subcall function 00520FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00520FCA
                                                                                • Part of subcall function 00520FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00520FD6
                                                                                • Part of subcall function 00520FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00520FE5
                                                                                • Part of subcall function 00520FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00520FEC
                                                                                • Part of subcall function 00520FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00521002
                                                                              • GetLengthSid.ADVAPI32(?,00000000,00521335), ref: 005217AE
                                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 005217BA
                                                                              • HeapAlloc.KERNEL32(00000000), ref: 005217C1
                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 005217DA
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00521335), ref: 005217EE
                                                                              • HeapFree.KERNEL32(00000000), ref: 005217F5
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                              • String ID:
                                                                              • API String ID: 3008561057-0
                                                                              • Opcode ID: 3dd3fa3c3aca1589ddd8c2599dd127cec12b66e8a343226511b397ba747279e5
                                                                              • Instruction ID: f38cc62648a1bf2993c509e73eb31c8274ab8b5bdd55e51a3016f637112d0e56
                                                                              • Opcode Fuzzy Hash: 3dd3fa3c3aca1589ddd8c2599dd127cec12b66e8a343226511b397ba747279e5
                                                                              • Instruction Fuzzy Hash: A711DC31500B15EFDB149FA4EC58BAF7FA8FFA2316F184018F44197291C731A904DB64
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 005214FF
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00521506
                                                                              • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00521515
                                                                              • CloseHandle.KERNEL32(00000004), ref: 00521520
                                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0052154F
                                                                              • DestroyEnvironmentBlock.USERENV(00000000), ref: 00521563
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                              • String ID:
                                                                              • API String ID: 1413079979-0
                                                                              • Opcode ID: 8e2917b6020f90a0319e3382b9ad07802addc723b67e17266bced329f74978f8
                                                                              • Instruction ID: a8e7ced6cee5cdb1b4c87b315d23735248eb8cd46508c6a9b7bc6a661e6d0c9d
                                                                              • Opcode Fuzzy Hash: 8e2917b6020f90a0319e3382b9ad07802addc723b67e17266bced329f74978f8
                                                                              • Instruction Fuzzy Hash: DA113372600209AFDF118FA8ED49FDE7FA9FF59705F044068FA05A20A0C3718E64EB64
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,004E3379,004E2FE5), ref: 004E3390
                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004E339E
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004E33B7
                                                                              • SetLastError.KERNEL32(00000000,?,004E3379,004E2FE5), ref: 004E3409
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue___vcrt_
                                                                              • String ID:
                                                                              • API String ID: 3852720340-0
                                                                              • Opcode ID: a2a6b653e4d057e928b0d0964b05d3b5aa895571dce6632d26fd439c5f674ab6
                                                                              • Instruction ID: bbcfcc4c82e334e68c81e81a88a0631869a13325fb1547e2164cc90c5202be13
                                                                              • Opcode Fuzzy Hash: a2a6b653e4d057e928b0d0964b05d3b5aa895571dce6632d26fd439c5f674ab6
                                                                              • Instruction Fuzzy Hash: DA01D632208351AE96272B777C8D96B1E54DB1577B730022FF810922F1EF695D05665C
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,004F5686,00503CD6,?,00000000,?,004F5B6A,?,?,?,?,?,004EE6D1,?,00588A48), ref: 004F2D78
                                                                              • _free.LIBCMT ref: 004F2DAB
                                                                              • _free.LIBCMT ref: 004F2DD3
                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,004EE6D1,?,00588A48,00000010,004C4F4A,?,?,00000000,00503CD6), ref: 004F2DE0
                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,004EE6D1,?,00588A48,00000010,004C4F4A,?,?,00000000,00503CD6), ref: 004F2DEC
                                                                              • _abort.LIBCMT ref: 004F2DF2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$_free$_abort
                                                                              • String ID:
                                                                              • API String ID: 3160817290-0
                                                                              • Opcode ID: e25422b4b2b19324d52bf32c06cfb385e9799eef80e24f8da132ab9ed72bb196
                                                                              • Instruction ID: 2d7c036c36010c3f52ae307e66c59a68d751b37fe22695435bcb06e1774a70a7
                                                                              • Opcode Fuzzy Hash: e25422b4b2b19324d52bf32c06cfb385e9799eef80e24f8da132ab9ed72bb196
                                                                              • Instruction Fuzzy Hash: DBF0F931545B0C2BC21237357E1AE7B2955AFD17A5B21051FFB24922D2DEAC88055129
                                                                              APIs
                                                                                • Part of subcall function 004D9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004D9693
                                                                                • Part of subcall function 004D9639: SelectObject.GDI32(?,00000000), ref: 004D96A2
                                                                                • Part of subcall function 004D9639: BeginPath.GDI32(?), ref: 004D96B9
                                                                                • Part of subcall function 004D9639: SelectObject.GDI32(?,00000000), ref: 004D96E2
                                                                              • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00558A4E
                                                                              • LineTo.GDI32(?,00000003,00000000), ref: 00558A62
                                                                              • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00558A70
                                                                              • LineTo.GDI32(?,00000000,00000003), ref: 00558A80
                                                                              • EndPath.GDI32(?), ref: 00558A90
                                                                              • StrokePath.GDI32(?), ref: 00558AA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                              • String ID:
                                                                              • API String ID: 43455801-0
                                                                              • Opcode ID: 9c2d8f4a1d4bf03146b68819c7053b07514c99b57d40ee31fbb39564dd70fffb
                                                                              • Instruction ID: 69e60f6194ba81597e164dcd41c76d40463fdcc6efcea91a5f54aa099a9d1df1
                                                                              • Opcode Fuzzy Hash: 9c2d8f4a1d4bf03146b68819c7053b07514c99b57d40ee31fbb39564dd70fffb
                                                                              • Instruction Fuzzy Hash: 9F111E7600021DFFDF119F90DC98EAA7F6CEB14365F048052BA15951B1C7719D59EF60
                                                                              APIs
                                                                              • GetDC.USER32(00000000), ref: 00525218
                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00525229
                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00525230
                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00525238
                                                                              • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0052524F
                                                                              • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00525261
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDevice$Release
                                                                              • String ID:
                                                                              • API String ID: 1035833867-0
                                                                              • Opcode ID: b6406983c358740449986fa1d2e60a17616c61276f9064c1eed25e6ba9367d7f
                                                                              • Instruction ID: 57122934fd2d9efd7e633d6ab0f430c2d4d0805d2f456d7c2440f6631fd1bc4c
                                                                              • Opcode Fuzzy Hash: b6406983c358740449986fa1d2e60a17616c61276f9064c1eed25e6ba9367d7f
                                                                              • Instruction Fuzzy Hash: D9018F75A00718BFEB109BA99C49A4EBFB8FF58752F044065FA04A72C1D6709904DBA0
                                                                              APIs
                                                                              • MapVirtualKeyW.USER32(0000005B,00000000), ref: 004C1BF4
                                                                              • MapVirtualKeyW.USER32(00000010,00000000), ref: 004C1BFC
                                                                              • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004C1C07
                                                                              • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004C1C12
                                                                              • MapVirtualKeyW.USER32(00000011,00000000), ref: 004C1C1A
                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 004C1C22
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Virtual
                                                                              • String ID:
                                                                              • API String ID: 4278518827-0
                                                                              • Opcode ID: a04082e21d53eec198144d137e1227b13ca07e706663fb90a0dd3efdeb162dfc
                                                                              • Instruction ID: d05556583cf702def409edf9fbd36f6bbfa64a5dfc9ad1d5382657b9e585748f
                                                                              • Opcode Fuzzy Hash: a04082e21d53eec198144d137e1227b13ca07e706663fb90a0dd3efdeb162dfc
                                                                              • Instruction Fuzzy Hash: 6B016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C4B941C7F5A864CBE5
                                                                              APIs
                                                                              • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0052EB30
                                                                              • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0052EB46
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 0052EB55
                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0052EB64
                                                                              • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0052EB6E
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0052EB75
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                              • String ID:
                                                                              • API String ID: 839392675-0
                                                                              • Opcode ID: 9f4575c07c709cb039424ea3927c01e806da5a97613746ae610da5f219d8aebb
                                                                              • Instruction ID: d1c5181c6e89fdeefc544c55b456544838130a5cfd0dac7c0d6f7a50632f66ad
                                                                              • Opcode Fuzzy Hash: 9f4575c07c709cb039424ea3927c01e806da5a97613746ae610da5f219d8aebb
                                                                              • Instruction Fuzzy Hash: 47F01772240758BFE6215B669C2EEAB3E7CEFDAB12F000158F601D509197A05A05E6B5
                                                                              APIs
                                                                              • GetClientRect.USER32(?), ref: 00517452
                                                                              • SendMessageW.USER32(?,00001328,00000000,?), ref: 00517469
                                                                              • GetWindowDC.USER32(?), ref: 00517475
                                                                              • GetPixel.GDI32(00000000,?,?), ref: 00517484
                                                                              • ReleaseDC.USER32(?,00000000), ref: 00517496
                                                                              • GetSysColor.USER32(00000005), ref: 005174B0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                              • String ID:
                                                                              • API String ID: 272304278-0
                                                                              • Opcode ID: 1f809bdcfaab595211ef8b16936d6221456e2067cc3ad7633e97b61c4bdfb9bb
                                                                              • Instruction ID: 117380af02dd3e2078babbd8eff512301767a2f8cd1805235f4f957efbade286
                                                                              • Opcode Fuzzy Hash: 1f809bdcfaab595211ef8b16936d6221456e2067cc3ad7633e97b61c4bdfb9bb
                                                                              • Instruction Fuzzy Hash: 7D017431400719EFEB105FA8DC48BEA7FB5FB18322F2100A0F916A21A0CB311E85EB10
                                                                              APIs
                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0052187F
                                                                              • UnloadUserProfile.USERENV(?,?), ref: 0052188B
                                                                              • CloseHandle.KERNEL32(?), ref: 00521894
                                                                              • CloseHandle.KERNEL32(?), ref: 0052189C
                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 005218A5
                                                                              • HeapFree.KERNEL32(00000000), ref: 005218AC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                              • String ID:
                                                                              • API String ID: 146765662-0
                                                                              • Opcode ID: 770fc55776ba03869b92191f599dd8756754546a0c87dd3eabc48bf693050448
                                                                              • Instruction ID: 61771ff4864d06e02ced1673497c9d89221e4c53caa8b2950795fdd00c0239f8
                                                                              • Opcode Fuzzy Hash: 770fc55776ba03869b92191f599dd8756754546a0c87dd3eabc48bf693050448
                                                                              • Instruction Fuzzy Hash: 9BE0E536004705BFDB015FA1ED1C90ABF79FF69B23B108624F22681470CB32A4A4EF50
                                                                              APIs
                                                                              • __Init_thread_footer.LIBCMT ref: 004CBEB3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Init_thread_footer
                                                                              • String ID: D%Y$D%Y$D%Y$D%YD%Y
                                                                              • API String ID: 1385522511-4075623943
                                                                              • Opcode ID: 889d64a21c6da1c7b47b8a927162ad2631bc09d2ca4909b617e501db5be9f7fc
                                                                              • Instruction ID: 2d0d6de526365118e964e5b4aada4c7d82539ac888710d3c6a8a229476548a53
                                                                              • Opcode Fuzzy Hash: 889d64a21c6da1c7b47b8a927162ad2631bc09d2ca4909b617e501db5be9f7fc
                                                                              • Instruction Fuzzy Hash: D9915D79A00206DFCB94CF59C092AAAB7F1FF58310F25816ED942AB350D735AD81DBD4
                                                                              APIs
                                                                                • Part of subcall function 004E0242: EnterCriticalSection.KERNEL32(0059070C,00591884,?,?,004D198B,00592518,?,?,?,004C12F9,00000000), ref: 004E024D
                                                                                • Part of subcall function 004E0242: LeaveCriticalSection.KERNEL32(0059070C,?,004D198B,00592518,?,?,?,004C12F9,00000000), ref: 004E028A
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 004E00A3: __onexit.LIBCMT ref: 004E00A9
                                                                              • __Init_thread_footer.LIBCMT ref: 00547BFB
                                                                                • Part of subcall function 004E01F8: EnterCriticalSection.KERNEL32(0059070C,?,?,004D8747,00592514), ref: 004E0202
                                                                                • Part of subcall function 004E01F8: LeaveCriticalSection.KERNEL32(0059070C,?,004D8747,00592514), ref: 004E0235
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                              • String ID: +TQ$5$G$Variable must be of type 'Object'.
                                                                              • API String ID: 535116098-4056154778
                                                                              • Opcode ID: 805d3ed34939a852a69a1fcde6363be1b273bc8dbf7a7a1c4d9d66520956e05f
                                                                              • Instruction ID: 79694bb87af91407727c6b971f5ae1fabcdbaa8945d67b6375b8c76c54262ff1
                                                                              • Opcode Fuzzy Hash: 805d3ed34939a852a69a1fcde6363be1b273bc8dbf7a7a1c4d9d66520956e05f
                                                                              • Instruction Fuzzy Hash: E9917774A04209EFCB14EF94D895DEDBBB1BF48308F10845EF816AB292DB71AE45CB51
                                                                              APIs
                                                                                • Part of subcall function 004C7620: _wcslen.LIBCMT ref: 004C7625
                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0052C6EE
                                                                              • _wcslen.LIBCMT ref: 0052C735
                                                                              • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0052C79C
                                                                              • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0052C7CA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ItemMenu$Info_wcslen$Default
                                                                              • String ID: 0
                                                                              • API String ID: 1227352736-4108050209
                                                                              • Opcode ID: e8f9b5d7dc0ce7131bcb773e931a19f02f9d0905c4f56435cc51f273447af9a8
                                                                              • Instruction ID: d4e986a5e656940c880bee0e26a27451aa9bc0e4faf0a4d286b8560770bbbf85
                                                                              • Opcode Fuzzy Hash: e8f9b5d7dc0ce7131bcb773e931a19f02f9d0905c4f56435cc51f273447af9a8
                                                                              • Instruction Fuzzy Hash: 6D51F0716043219BC7149F28E884B6E7FE8FF4A314F080A2EF995D31D2DB64D908DB56
                                                                              APIs
                                                                              • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00527206
                                                                              • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0052723C
                                                                              • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0052724D
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 005272CF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorMode$AddressCreateInstanceProc
                                                                              • String ID: DllGetClassObject
                                                                              • API String ID: 753597075-1075368562
                                                                              • Opcode ID: eab09edbaf8189c72d756944f474157e0f99ce9d76dfb4f0b96db6fd59cbf815
                                                                              • Instruction ID: b34b508212a26910f54fab632749a60011cc48915ba655dc7ae523738c95edb3
                                                                              • Opcode Fuzzy Hash: eab09edbaf8189c72d756944f474157e0f99ce9d76dfb4f0b96db6fd59cbf815
                                                                              • Instruction Fuzzy Hash: 30417B75A04218EFDB15CF54D884A9A7FA9FF4A310F1480A9FD059F28AD7B0DA44DBA0
                                                                              APIs
                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00553E35
                                                                              • IsMenu.USER32(?), ref: 00553E4A
                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00553E92
                                                                              • DrawMenuBar.USER32 ref: 00553EA5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$Item$DrawInfoInsert
                                                                              • String ID: 0
                                                                              • API String ID: 3076010158-4108050209
                                                                              • Opcode ID: c43044e637530127b5a7f4ca1ad8270382dd88e719a55d935895cfbafc2a1fb9
                                                                              • Instruction ID: 17d495bb4cb52d30f9d126aa08d01a4783048aa0488a782e98c89ff6f9e6fdd8
                                                                              • Opcode Fuzzy Hash: c43044e637530127b5a7f4ca1ad8270382dd88e719a55d935895cfbafc2a1fb9
                                                                              • Instruction Fuzzy Hash: 5D416A75A00209AFDB10DF90D895EAABBF9FF49395F04402AED0997250D730AE48DF60
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 00523CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00523CCA
                                                                              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00521E66
                                                                              • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00521E79
                                                                              • SendMessageW.USER32(?,00000189,?,00000000), ref: 00521EA9
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$_wcslen$ClassName
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 2081771294-1403004172
                                                                              • Opcode ID: dbd85ee1e5c06d0ecd9aa89ffe99a7bef7fe1634fc4117e08f7ebb3ac354e273
                                                                              • Instruction ID: b2f277d507cec9f968f0946d06d258b393179a2f76cc18275702b34ff2d6bf47
                                                                              • Opcode Fuzzy Hash: dbd85ee1e5c06d0ecd9aa89ffe99a7bef7fe1634fc4117e08f7ebb3ac354e273
                                                                              • Instruction Fuzzy Hash: DE213A75A00104BEDB14AB65EC59DFF7FBCEF52394B10411EF825A72D0DB384D099624
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00552F8D
                                                                              • LoadLibraryW.KERNEL32(?), ref: 00552F94
                                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00552FA9
                                                                              • DestroyWindow.USER32(?), ref: 00552FB1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                              • String ID: SysAnimate32
                                                                              • API String ID: 3529120543-1011021900
                                                                              • Opcode ID: 6c84f01859b3bde254b42d910c0194c575c4647c81c6aca1817823f7dad8614c
                                                                              • Instruction ID: 532038ae135accb9e97be06d7f3bd597a1db2327ebb035a1b42d20348f8d9482
                                                                              • Opcode Fuzzy Hash: 6c84f01859b3bde254b42d910c0194c575c4647c81c6aca1817823f7dad8614c
                                                                              • Instruction Fuzzy Hash: 0021BB71204205ABEB104FA4ACA2EBB3BB9FF5A326F10021AFD50E6090C231DC45AB60
                                                                              APIs
                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,004E4D1E,004F28E9,?,004E4CBE,004F28E9,005888B8,0000000C,004E4E15,004F28E9,00000002), ref: 004E4D8D
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004E4DA0
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,004E4D1E,004F28E9,?,004E4CBE,004F28E9,005888B8,0000000C,004E4E15,004F28E9,00000002,00000000), ref: 004E4DC3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: 8c5b30f4bda244a4f27d6d2b0bec4cf72b351612f1e4044c17c701ee5b8d5e6e
                                                                              • Instruction ID: e5b46ceca860d258b5d6b4b2c13e0510f0981b629ea3dd32a1b55e5c5b3a405c
                                                                              • Opcode Fuzzy Hash: 8c5b30f4bda244a4f27d6d2b0bec4cf72b351612f1e4044c17c701ee5b8d5e6e
                                                                              • Instruction Fuzzy Hash: FCF04F34A40308BFDB119F91DC59BAEBFB5EF54753F0000A9F805A62A0CB745D44DB94
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,004C4EDD,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E9C
                                                                              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 004C4EAE
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,004C4EDD,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4EC0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadProc
                                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                              • API String ID: 145871493-3689287502
                                                                              • Opcode ID: bb061bcd02bba54db184a39679455a79d6e90e6e113b705ba550448ef0d5cdcc
                                                                              • Instruction ID: 4a55c9140992d3946ae329b205f0924efdc6674afd9a936f42101ec990677920
                                                                              • Opcode Fuzzy Hash: bb061bcd02bba54db184a39679455a79d6e90e6e113b705ba550448ef0d5cdcc
                                                                              • Instruction Fuzzy Hash: 95E08639A01B225FD26117256C38F5B6E54AFD2F63706011AFC00E2300DB64CD05D1A4
                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00503CDE,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E62
                                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 004C4E74
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00503CDE,?,00591418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 004C4E87
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Library$AddressFreeLoadProc
                                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                              • API String ID: 145871493-1355242751
                                                                              • Opcode ID: df1e54aa5d6426276c8484fa486bf1756113490f2ce274fb0303f147b75de729
                                                                              • Instruction ID: d07eff46a7ba4cd7189483b80146a83eca34c84d126383ca1c3b667393c7bd20
                                                                              • Opcode Fuzzy Hash: df1e54aa5d6426276c8484fa486bf1756113490f2ce274fb0303f147b75de729
                                                                              • Instruction Fuzzy Hash: C6D01239502B215B96621B297C38E8B6E18BFC5F72306051ABD05A6215DF64CD05D5D4
                                                                              APIs
                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00532C05
                                                                              • DeleteFileW.KERNEL32(?), ref: 00532C87
                                                                              • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00532C9D
                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00532CAE
                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00532CC0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: File$Delete$Copy
                                                                              • String ID:
                                                                              • API String ID: 3226157194-0
                                                                              • Opcode ID: 25f81578a1fcbae5ae6f99abf1fe5446edc0cc77db3298646d77acc7e3c41209
                                                                              • Instruction ID: 7834a83e6f78d06af5875bbc5a1ecabdc10506a44f63e87640ae4722f9e90e59
                                                                              • Opcode Fuzzy Hash: 25f81578a1fcbae5ae6f99abf1fe5446edc0cc77db3298646d77acc7e3c41209
                                                                              • Instruction Fuzzy Hash: BFB15D71D00519ABDF21DBA5CC85EDEBBBDFF48314F1040AAF609E6141EA34AE448F65
                                                                              APIs
                                                                              • GetCurrentProcessId.KERNEL32 ref: 0054A427
                                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0054A435
                                                                              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0054A468
                                                                              • CloseHandle.KERNEL32(?), ref: 0054A63D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Process$CloseCountersCurrentHandleOpen
                                                                              • String ID:
                                                                              • API String ID: 3488606520-0
                                                                              • Opcode ID: 405c8104d866b845b7d9735408aa48552dc0838189a234603a08fae2cbc70c15
                                                                              • Instruction ID: b500e43caf9a783af0d92b512fe3e83d128214358bf2f2ee0b6159a8e5e6989d
                                                                              • Opcode Fuzzy Hash: 405c8104d866b845b7d9735408aa48552dc0838189a234603a08fae2cbc70c15
                                                                              • Instruction Fuzzy Hash: 5BA1C075604300AFD760DF25C886F2ABBE1AF84718F14881EF55A9B3D2D7B4EC418B86
                                                                              APIs
                                                                              • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00563700), ref: 004FBB91
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,0059121C,000000FF,00000000,0000003F,00000000,?,?), ref: 004FBC09
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00591270,000000FF,?,0000003F,00000000,?), ref: 004FBC36
                                                                              • _free.LIBCMT ref: 004FBB7F
                                                                                • Part of subcall function 004F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000), ref: 004F29DE
                                                                                • Part of subcall function 004F29C8: GetLastError.KERNEL32(00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000,00000000), ref: 004F29F0
                                                                              • _free.LIBCMT ref: 004FBD4B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                              • String ID:
                                                                              • API String ID: 1286116820-0
                                                                              • Opcode ID: c309cbd9a15c4b888df5deea674aa59087436db938ef372eef06b937670d4215
                                                                              • Instruction ID: a0982b2818c17c1463db08616169433be0fd1448f87fcceeffdbfd6ad75dfa20
                                                                              • Opcode Fuzzy Hash: c309cbd9a15c4b888df5deea674aa59087436db938ef372eef06b937670d4215
                                                                              • Instruction Fuzzy Hash: 3151D37190021DABCB10EF66DC819BFBBB8EB52310B10426FE610D7291EB749E459B98
                                                                              APIs
                                                                                • Part of subcall function 0052DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0052CF22,?), ref: 0052DDFD
                                                                                • Part of subcall function 0052DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0052CF22,?), ref: 0052DE16
                                                                                • Part of subcall function 0052E199: GetFileAttributesW.KERNEL32(?,0052CF95), ref: 0052E19A
                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0052E473
                                                                              • MoveFileW.KERNEL32(?,?), ref: 0052E4AC
                                                                              • _wcslen.LIBCMT ref: 0052E5EB
                                                                              • _wcslen.LIBCMT ref: 0052E603
                                                                              • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0052E650
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 3183298772-0
                                                                              • Opcode ID: ef5ac70018ab91f8b9ba5de10107e1a8098dc9042c5b5204f14937948a2dd258
                                                                              • Instruction ID: 2e99928e274a35ab91dce91abe998c255259b5880470caa40997612de96b08ae
                                                                              • Opcode Fuzzy Hash: ef5ac70018ab91f8b9ba5de10107e1a8098dc9042c5b5204f14937948a2dd258
                                                                              • Instruction Fuzzy Hash: 895193B24083955BCB24EB90DC859DF77ECAF85344F00092FF689D3191EF35A688876A
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 0054C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0054B6AE,?,?), ref: 0054C9B5
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054C9F1
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA68
                                                                                • Part of subcall function 0054C998: _wcslen.LIBCMT ref: 0054CA9E
                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0054BAA5
                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0054BB00
                                                                              • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0054BB63
                                                                              • RegCloseKey.ADVAPI32(?,?), ref: 0054BBA6
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0054BBB3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                              • String ID:
                                                                              • API String ID: 826366716-0
                                                                              • Opcode ID: fa69016c2433d1dd95e05ca53fc63bd1e40249e3c26967c9dc7b45c29ec378cd
                                                                              • Instruction ID: e332cdffe9617dadd569cf4eaeddfaed002d85d1dde5614548c82d37c27284e5
                                                                              • Opcode Fuzzy Hash: fa69016c2433d1dd95e05ca53fc63bd1e40249e3c26967c9dc7b45c29ec378cd
                                                                              • Instruction Fuzzy Hash: 9F619D31208241AFD714DF24C895E6ABBE5FF8434CF14895DF4998B2A2DB31ED45CB92
                                                                              APIs
                                                                              • VariantInit.OLEAUT32(?), ref: 00528BCD
                                                                              • VariantClear.OLEAUT32 ref: 00528C3E
                                                                              • VariantClear.OLEAUT32 ref: 00528C9D
                                                                              • VariantClear.OLEAUT32(?), ref: 00528D10
                                                                              • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00528D3B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$Clear$ChangeInitType
                                                                              • String ID:
                                                                              • API String ID: 4136290138-0
                                                                              • Opcode ID: 7285004f13bd8eb1298f767e089b8ceef67367577006c44839c0d98348341ad1
                                                                              • Instruction ID: 5e678391acb4bae6fed7bb724a4de0fe41364291edb7fc8ee59600bfa7a309e8
                                                                              • Opcode Fuzzy Hash: 7285004f13bd8eb1298f767e089b8ceef67367577006c44839c0d98348341ad1
                                                                              • Instruction Fuzzy Hash: FF5169B5A01219EFDB10CF68D894EAABBF8FF89310B158559E905EB350E730E915CF90
                                                                              APIs
                                                                              • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00538BAE
                                                                              • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00538BDA
                                                                              • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00538C32
                                                                              • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00538C57
                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00538C5F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: PrivateProfile$SectionWrite$String
                                                                              • String ID:
                                                                              • API String ID: 2832842796-0
                                                                              • Opcode ID: 5c9a6e48a7a4ca17590d10eb56fbed2003ee3ca5cedafd5034a3ee7f605433b8
                                                                              • Instruction ID: b0beb466bdf68e2ac71129c587c054b74b5b70fa3ff479dcd18d022b829ed863
                                                                              • Opcode Fuzzy Hash: 5c9a6e48a7a4ca17590d10eb56fbed2003ee3ca5cedafd5034a3ee7f605433b8
                                                                              • Instruction Fuzzy Hash: D3515939A00219AFCB04DF65C880E69BBF1FF48318F08805DE849AB362CB35ED51DB94
                                                                              APIs
                                                                              • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00548F40
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00548FD0
                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00548FEC
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00549032
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00549052
                                                                                • Part of subcall function 004DF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00531043,?,7529E610), ref: 004DF6E6
                                                                                • Part of subcall function 004DF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0051FA64,00000000,00000000,?,?,00531043,?,7529E610,?,0051FA64), ref: 004DF70D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                              • String ID:
                                                                              • API String ID: 666041331-0
                                                                              • Opcode ID: de91786a718153b875b6e8bd342b21b9f4858d484a58ab98cd0b46b5467cfea9
                                                                              • Instruction ID: 0a5dbe486cf3f704593ab04a3a5e1de935c9a6ff0232d45dcfaaccf502e5768f
                                                                              • Opcode Fuzzy Hash: de91786a718153b875b6e8bd342b21b9f4858d484a58ab98cd0b46b5467cfea9
                                                                              • Instruction Fuzzy Hash: CD513939600205EFC711DF69C499DEDBBB1FF59318B048099E80A9B762DB35ED89CB90
                                                                              APIs
                                                                              • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00556C33
                                                                              • SetWindowLongW.USER32(?,000000EC,?), ref: 00556C4A
                                                                              • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00556C73
                                                                              • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0053AB79,00000000,00000000), ref: 00556C98
                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00556CC7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Long$MessageSendShow
                                                                              • String ID:
                                                                              • API String ID: 3688381893-0
                                                                              • Opcode ID: c682d6fd82aadb1942a6a1ed45e922a0a471787fbcad1a9568620b735dfb0035
                                                                              • Instruction ID: 17dfa428a81572b9aafd8bc7ecab55f1cc9f20e4b6f2bfbd32d6162ebd54ac98
                                                                              • Opcode Fuzzy Hash: c682d6fd82aadb1942a6a1ed45e922a0a471787fbcad1a9568620b735dfb0035
                                                                              • Instruction Fuzzy Hash: 2D41E735604244AFD724CF68CC64FA97FA4FB09361F95022AFC95AB2E0C371ED48DA40
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _free
                                                                              • String ID:
                                                                              • API String ID: 269201875-0
                                                                              • Opcode ID: cc0f194f152fd265fd1b50694eff7bb983870ae9cbd847306bfde7cdeaf6d445
                                                                              • Instruction ID: a38731df60a321bfceb54ba13f91a0b97256d411808e742129f13cf76459c56a
                                                                              • Opcode Fuzzy Hash: cc0f194f152fd265fd1b50694eff7bb983870ae9cbd847306bfde7cdeaf6d445
                                                                              • Instruction Fuzzy Hash: 55410272A002089FCB20DF79CA80A6EB7E1EF89314F15416AE705EB391DA75AD01CB84
                                                                              APIs
                                                                              • GetCursorPos.USER32(?), ref: 004D9141
                                                                              • ScreenToClient.USER32(00000000,?), ref: 004D915E
                                                                              • GetAsyncKeyState.USER32(00000001), ref: 004D9183
                                                                              • GetAsyncKeyState.USER32(00000002), ref: 004D919D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AsyncState$ClientCursorScreen
                                                                              • String ID:
                                                                              • API String ID: 4210589936-0
                                                                              • Opcode ID: f31b1fc97165ef946bbd2906188b0921b93b8b208c6a330ac7926c91ac7723cf
                                                                              • Instruction ID: ff5f18e69fd31916743009a175a47c11258116ebdd149a315473087dadc7b436
                                                                              • Opcode Fuzzy Hash: f31b1fc97165ef946bbd2906188b0921b93b8b208c6a330ac7926c91ac7723cf
                                                                              • Instruction Fuzzy Hash: 7741627190860BFBEF159F68C858BEEBB74FB09324F20421AE425A3290C7346D94DB55
                                                                              APIs
                                                                              • GetInputState.USER32 ref: 005338CB
                                                                              • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00533922
                                                                              • TranslateMessage.USER32(?), ref: 0053394B
                                                                              • DispatchMessageW.USER32(?), ref: 00533955
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00533966
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                              • String ID:
                                                                              • API String ID: 2256411358-0
                                                                              • Opcode ID: 9ea6674ca8c5207efa2bb7ee55a835b44431cd823cc6346608c1ebf892b1d290
                                                                              • Instruction ID: be0a1edb1c37641d01fa8947bae7f0d535e221e193c69e9ebe2707164bf140ab
                                                                              • Opcode Fuzzy Hash: 9ea6674ca8c5207efa2bb7ee55a835b44431cd823cc6346608c1ebf892b1d290
                                                                              • Instruction Fuzzy Hash: 4B31F571904752DEEB35CF759849BB67FA8FB25340F04086EE462C60A0E3B49A89EB11
                                                                              APIs
                                                                              • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0053CF38
                                                                              • InternetReadFile.WININET(?,00000000,?,?), ref: 0053CF6F
                                                                              • GetLastError.KERNEL32(?,00000000,?,?,?,0053C21E,00000000), ref: 0053CFB4
                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,0053C21E,00000000), ref: 0053CFC8
                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,0053C21E,00000000), ref: 0053CFF2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                              • String ID:
                                                                              • API String ID: 3191363074-0
                                                                              • Opcode ID: 1c390e915db5e4b0022faeea4e346be4b80f1592bb658707f540cdc3ff1c96d4
                                                                              • Instruction ID: 2d4c570a4da2f0f47978be745c99b17ad87f3c9332a3f8fb86d7ddea6cddc769
                                                                              • Opcode Fuzzy Hash: 1c390e915db5e4b0022faeea4e346be4b80f1592bb658707f540cdc3ff1c96d4
                                                                              • Instruction Fuzzy Hash: 1F314771600705AFDB20DFA6C884AABBFFAFB14355F10442EF506E2241EB30AE45DB60
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 00521915
                                                                              • PostMessageW.USER32(00000001,00000201,00000001), ref: 005219C1
                                                                              • Sleep.KERNEL32(00000000,?,?,?), ref: 005219C9
                                                                              • PostMessageW.USER32(00000001,00000202,00000000), ref: 005219DA
                                                                              • Sleep.KERNEL32(00000000,?,?,?,?), ref: 005219E2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePostSleep$RectWindow
                                                                              • String ID:
                                                                              • API String ID: 3382505437-0
                                                                              • Opcode ID: a1a9b343c6af8c2158bd76fddc8f08531a8778de0832cc061b7b21830b3dd613
                                                                              • Instruction ID: 62993103e45b64cd91a9cff595e1f472a39f152c8efd393be6441c51165de757
                                                                              • Opcode Fuzzy Hash: a1a9b343c6af8c2158bd76fddc8f08531a8778de0832cc061b7b21830b3dd613
                                                                              • Instruction Fuzzy Hash: 1631BE71900629EFCB00CFA8D998A9E3FB5FF15315F104225F921AB2D0C7709A84DB90
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00555745
                                                                              • SendMessageW.USER32(?,00001074,?,00000001), ref: 0055579D
                                                                              • _wcslen.LIBCMT ref: 005557AF
                                                                              • _wcslen.LIBCMT ref: 005557BA
                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00555816
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$_wcslen
                                                                              • String ID:
                                                                              • API String ID: 763830540-0
                                                                              • Opcode ID: d03b4b8569c3e5f9d508e892f4937253c372f26c9c7d11cc88a561cad5c33f2c
                                                                              • Instruction ID: 0966b290f7773398768942c3f2fa31a9410ec1e126493f08a1aff7de66a9d92f
                                                                              • Opcode Fuzzy Hash: d03b4b8569c3e5f9d508e892f4937253c372f26c9c7d11cc88a561cad5c33f2c
                                                                              • Instruction Fuzzy Hash: F421A571904618DADF208FA5CCA4AED7FB8FF54326F108617ED19EA180E7748A89CF50
                                                                              APIs
                                                                              • IsWindow.USER32(00000000), ref: 00540951
                                                                              • GetForegroundWindow.USER32 ref: 00540968
                                                                              • GetDC.USER32(00000000), ref: 005409A4
                                                                              • GetPixel.GDI32(00000000,?,00000003), ref: 005409B0
                                                                              • ReleaseDC.USER32(00000000,00000003), ref: 005409E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ForegroundPixelRelease
                                                                              • String ID:
                                                                              • API String ID: 4156661090-0
                                                                              • Opcode ID: dbb7bc3f0a6e2430b591b1d720bf7a45a14b7d9757a53b353633977da19e2de7
                                                                              • Instruction ID: 55eb4ea93d1fc74110aa8b922c7b7df9d94a4c255b3c9c081330c1a315521f28
                                                                              • Opcode Fuzzy Hash: dbb7bc3f0a6e2430b591b1d720bf7a45a14b7d9757a53b353633977da19e2de7
                                                                              • Instruction Fuzzy Hash: 2C219F35600214AFD704EF69C899AAEBFE9FF58705F10846DE84A97392CB30AD04DB90
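A triager reads several of the short Win32 chains listed above as capabilities rather than as isolated calls: GetAsyncKeyState(00000001)/(00000002) polls the physical mouse buttons (VK_LBUTTON/VK_RBUTTON); PostMessageW with 00000201 then 00000202 (WM_LBUTTONDOWN/WM_LBUTTONUP) separated by Sleep posts a synthetic left click to a window; GetDC/GetPixel samples a screen pixel; InternetQueryDataAvailable/InternetReadFile pulls a response body over WinINet. The caveat is that every one of these chains is also a building block of GUI automation runtimes, so they establish capability, not intent, and are best scored together with the rest of the report. The Python script below is an added example written for this page, not Joe Sandbox or IDA-plugin code: it parses the "APIs" / "Memory Dump Source" layout used in these entries and tags each function with such capabilities. The sample listing is constructed from entries shown above, and the rule set and capability names are the example's own.

```python
"""Triage helper: pull per-function Win32 API chains out of a Joe Sandbox
IDA-plugin style listing and map each chain to a capability tag.

Added example for this report, not Joe Sandbox code. The parser follows the
"APIs" / "Memory Dump Source" layout visible in the listing; message and
virtual-key constants are the standard winuser.h values.
"""
import re

# Standard Win32 constants (winuser.h)
WM_LBUTTONDOWN = 0x0201
WM_LBUTTONUP = 0x0202
VK_LBUTTON = 0x01
VK_RBUTTON = 0x02

# Constructed sample in the listing format used above (entries mirror the
# report's; the ref addresses are the report's image offsets, nothing live).
SAMPLE_LISTING = """\
APIs
• GetCursorPos.USER32(?), ref: 004D9141
• ScreenToClient.USER32(00000000,?), ref: 004D915E
• GetAsyncKeyState.USER32(00000001), ref: 004D9183
• GetAsyncKeyState.USER32(00000002), ref: 004D919D
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.sdmp
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0053CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0053CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0053C21E,00000000), ref: 0053CFB4
Memory Dump Source
APIs
• GetWindowRect.USER32(?,?), ref: 00521915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 005219C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 005219C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 005219DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 005219E2
Memory Dump Source
APIs
• IsWindow.USER32(00000000), ref: 00540951
• GetForegroundWindow.USER32 ref: 00540968
• GetDC.USER32(00000000), ref: 005409A4
• GetPixel.GDI32(00000000,?,00000003), ref: 005409B0
• ReleaseDC.USER32(00000000,00000003), ref: 005409E8
Memory Dump Source
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 004FCDC6
  • Part of subcall function 004F3820: RtlAllocateHeap.NTDLL(00000000,?), ref: 004F3852
• _wcslen.LIBCMT ref: 005557AF
Memory Dump Source
"""

# One call line: optional "Part of subcall function X:" prefix, Name.MODULE,
# optional "(args)", then "ref: ADDR". Calls without parentheses also occur.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


def parse_listing(text):
    """Return a list of functions, each a list of (name, module, args, ref).
    Hex argument tokens become ints; unresolved tokens such as '?' become None.
    Subcall entries are kept with the function they are listed under."""
    functions, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = []
            functions.append(current)
            continue
        if stripped == "Memory Dump Source":
            current = None
            continue
        if current is None:
            continue
        m = CALL_RE.match(line)
        if not m:
            continue
        args = []
        if m.group("args"):
            for tok in m.group("args").split(","):
                tok = tok.strip()
                args.append(int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{1,8}", tok) else None)
        current.append((m.group("name"), m.group("module"), args, m.group("ref")))
    return [f for f in functions if f]   # drop "APIs" headers with no calls


def classify(calls):
    """Capability tags for one function's call list (rule names are this example's)."""
    names = {c[0] for c in calls}
    caps = set()
    # WM_LBUTTONDOWN followed by WM_LBUTTONUP posted to a window = synthetic click.
    msgs = {c[2][1] for c in calls
            if c[0] in ("PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA")
            and len(c[2]) > 1}
    if {WM_LBUTTONDOWN, WM_LBUTTONUP} <= msgs:
        caps.add("synthetic_mouse_click")
    # Polling the physical mouse buttons.
    keys = {c[2][0] for c in calls if c[0] == "GetAsyncKeyState" and c[2]}
    if keys & {VK_LBUTTON, VK_RBUTTON}:
        caps.add("mouse_button_polling")
    if "GetDC" in names and "GetPixel" in names:
        caps.add("screen_pixel_sampling")
    if names & {"InternetReadFile", "InternetQueryDataAvailable"}:
        caps.add("wininet_download")
    if "GetProcAddress" in names and names & {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"}:
        caps.add("dynamic_api_resolution")
    return caps


def triage(text):
    """Map each tagged function (keyed by the ref of its first call) to its tags."""
    report = {}
    for calls in parse_listing(text):
        caps = classify(calls)
        if caps:
            report[calls[0][3].upper()] = caps
    return report


if __name__ == "__main__":
    for ref, caps in sorted(triage(SAMPLE_LISTING).items()):
        print(ref, ", ".join(sorted(caps)))
```

Run it over the text of a report section to get a function-address to capability map; functions with no tagged chain (the GetEnvironmentStringsW/_wcslen entry in the sample) are left out, which keeps the output to the handful of addresses worth opening in the disassembler first.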
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 004FCDC6
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004FCDE9
                                                                                • Part of subcall function 004F3820: RtlAllocateHeap.NTDLL(00000000,?,00591444,?,004DFDF5,?,?,004CA976,00000010,00591440,004C13FC,?,004C13C6,?,004C1129), ref: 004F3852
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004FCE0F
                                                                              • _free.LIBCMT ref: 004FCE22
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004FCE31
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                              • String ID:
                                                                              • API String ID: 336800556-0
                                                                              • Opcode ID: fe62c3b1c753ae28ec1a94793521611f7839cda07a39e0c43c72a6c874959386
                                                                              • Instruction ID: 9db0c5f712fb31ab0cc8bd28b737348fdd62b38815f9490d5fbaf2f045e0d6d7
                                                                              • Opcode Fuzzy Hash: fe62c3b1c753ae28ec1a94793521611f7839cda07a39e0c43c72a6c874959386
                                                                              • Instruction Fuzzy Hash: 1A018472A0171D7F23211AB66DC8DBB6D6DDEC6BA2315012FFA05C7301EA698D0291F8
                                                                              APIs
                                                                              • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004D9693
                                                                              • SelectObject.GDI32(?,00000000), ref: 004D96A2
                                                                              • BeginPath.GDI32(?), ref: 004D96B9
                                                                              • SelectObject.GDI32(?,00000000), ref: 004D96E2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ObjectSelect$BeginCreatePath
                                                                              • String ID:
                                                                              • API String ID: 3225163088-0
                                                                              • Opcode ID: 48fca98c9bef5125a61683242bf45d09d7e740b120bed5595d87f72d2cf463c3
                                                                              • Instruction ID: 47d3d0a7f18eac1ce7b519bcd8dd6b38b01b637a861b4033677fcbecbf64d2e8
                                                                              • Opcode Fuzzy Hash: 48fca98c9bef5125a61683242bf45d09d7e740b120bed5595d87f72d2cf463c3
                                                                              • Instruction Fuzzy Hash: 59216D3080271AEFDB119F65DC287AE3FA8BB20356F154217F411A62B0D3749C99EB98
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _memcmp
                                                                              • String ID:
                                                                              • API String ID: 2931989736-0
                                                                              • Opcode ID: 349755cb6b5fc443db862548fcc28d386ab92784ed055056ddb84cbb1d013227
                                                                              • Instruction ID: 39a031174718b78ebad9666bafc9340cbdbf5e66437a5ccb714c11937f42b524
                                                                              • Opcode Fuzzy Hash: 349755cb6b5fc443db862548fcc28d386ab92784ed055056ddb84cbb1d013227
                                                                              • Instruction Fuzzy Hash: 1F01DB716C1655BBE2085112AD81EBB774CFF223EAB040036FD045A581F630ED1482A4
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,?,004EF2DE,004F3863,00591444,?,004DFDF5,?,?,004CA976,00000010,00591440,004C13FC,?,004C13C6), ref: 004F2DFD
                                                                              • _free.LIBCMT ref: 004F2E32
                                                                              • _free.LIBCMT ref: 004F2E59
                                                                              • SetLastError.KERNEL32(00000000,004C1129), ref: 004F2E66
                                                                              • SetLastError.KERNEL32(00000000,004C1129), ref: 004F2E6F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast$_free
                                                                              • String ID:
                                                                              • API String ID: 3170660625-0
                                                                              • Opcode ID: 09c6d4b6cac31a0a4826426868ffe09906fe27fb27643af51e9e6ff73492afae
                                                                              • Instruction ID: 16a4c5925b5b49042560e830f938d200d730b34fb845fbecedf46b53ff6c0bf6
                                                                              • Opcode Fuzzy Hash: 09c6d4b6cac31a0a4826426868ffe09906fe27fb27643af51e9e6ff73492afae
                                                                              • Instruction Fuzzy Hash: 5A01497224070C2BC61227756E45D3B1D59ABE177A732042FFB24A22D2EEFC8D055128
                                                                              APIs
                                                                              • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?,?,?,0052035E), ref: 0052002B
                                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?,?), ref: 00520046
                                                                              • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?,?), ref: 00520054
                                                                              • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?), ref: 00520064
                                                                              • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0051FF41,80070057,?,?), ref: 00520070
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                              • String ID:
                                                                              • API String ID: 3897988419-0
                                                                              • Opcode ID: 10077e5fc978640c322ee6289edb8fd70e27a43ffd5686ecda0651f664c6d012
                                                                              • Instruction ID: 96d14705cdf10aa083a54411e85aef329eafefd999bdabd7e8b415c1936fe405
                                                                              • Opcode Fuzzy Hash: 10077e5fc978640c322ee6289edb8fd70e27a43ffd5686ecda0651f664c6d012
                                                                              • Instruction Fuzzy Hash: EF018B72601324BFEB104F69EC48BBA7EADFF44792F145124F905D22A1E771DD44ABA0
                                                                              APIs
                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052E997
                                                                              • QueryPerformanceFrequency.KERNEL32(?), ref: 0052E9A5
                                                                              • Sleep.KERNEL32(00000000), ref: 0052E9AD
                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052E9B7
                                                                              • Sleep.KERNEL32 ref: 0052E9F3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                              • String ID:
                                                                              • API String ID: 2833360925-0
                                                                              • Opcode ID: 9b6af60fe79ca6ad291c9fdc6f284504bcf6daa92cb2fe2254d0695513dc602c
                                                                              • Instruction ID: d48c9e4f6e20447099c53eedb149f784b3467c0486e391b1119d53e2cd03e8cf
                                                                              • Opcode Fuzzy Hash: 9b6af60fe79ca6ad291c9fdc6f284504bcf6daa92cb2fe2254d0695513dc602c
                                                                              • Instruction Fuzzy Hash: 76011B31C01A39DBCF00ABE5E86A6DDBF78BF1A701F000556E502B2281CB349598D7A1
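                                                                               Editor's note on the function above: the sequence QueryPerformanceCounter, QueryPerformanceFrequency, Sleep, QueryPerformanceCounter is the shape of a sleep-skip check, which is why the report raises the "execution timing" signature. A sandbox that shortens or hooks Sleep() to speed up analysis makes the measured gap come out smaller than the requested delay. The same sequence is also exactly what an ordinary high-resolution sleep helper looks like, so on its own it is an indicator, not proof of evasion; confirm it by looking at what the caller does with the comparison result. The following is an added example in C written for this note, not code from the sample or from Joe Sandbox. The Windows branch uses the APIs from the trace; the POSIX branch and the function names (now_us, sleep_ms, measured_sleep_us, sleep_was_skipped) are assumptions so the logic can be compiled and run off Windows.

```c
/*
 * Added example: the sleep-skip timing check behind the API sequence in the
 * trace above. Not code from the analysed sample or from Joe Sandbox.
 * Windows branch: the QPC/QPF/Sleep calls from the trace.
 * POSIX branch (assumption): clock_gettime + nanosleep, so the same logic
 * can be exercised on Linux/macOS.
 */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>

/* Monotonic timestamp in microseconds, from the performance counter. */
static uint64_t now_us(void) {
    LARGE_INTEGER counter, freq;
    QueryPerformanceCounter(&counter);
    QueryPerformanceFrequency(&freq);
    return (uint64_t)counter.QuadPart * 1000000ULL / (uint64_t)freq.QuadPart;
}

static void sleep_ms(unsigned ms) { Sleep(ms); }
#else
#include <errno.h>
#include <time.h>

/* Monotonic timestamp in microseconds (assumed POSIX equivalent of QPC). */
static uint64_t now_us(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000ULL + (uint64_t)ts.tv_nsec / 1000ULL;
}

static void sleep_ms(unsigned ms) {
    struct timespec req = { ms / 1000, (long)(ms % 1000) * 1000000L };
    /* Resume after a signal so the measured gap reflects the whole sleep. */
    while (nanosleep(&req, &req) == -1 && errno == EINTR) {}
}
#endif

/* How long sleep_ms(requested_ms) actually took, in microseconds. */
uint64_t measured_sleep_us(unsigned requested_ms) {
    uint64_t start = now_us();
    sleep_ms(requested_ms);
    return now_us() - start;
}

/*
 * Returns 1 when the sleep finished noticeably earlier than requested,
 * i.e. something fast-forwarded it (a sandbox hook or a patched Sleep).
 * tolerance_ms absorbs timer granularity: nanosleep never returns early,
 * but Windows Sleep can be a scheduler tick short on a genuine host, and
 * a check with no slack would produce false positives there.
 */
int sleep_was_skipped(unsigned requested_ms, unsigned tolerance_ms) {
    uint64_t elapsed_us = measured_sleep_us(requested_ms);
    uint64_t floor_us   = (uint64_t)requested_ms * 1000ULL;
    uint64_t tol_us     = (uint64_t)tolerance_ms * 1000ULL;
    return elapsed_us + tol_us < floor_us;
}

int main(void) {
    int skipped = sleep_was_skipped(200, 5);
    printf("200 ms sleep %s\n",
           skipped ? "was fast-forwarded" : "ran at wall-clock speed");
    return skipped;
}
```

                                                                               On a host that honours Sleep() the check returns 0; an analysis environment that accelerates or skips sleeps returns 1. Detection-wise, the durable signal is not the API names but the comparison of two counter readings against the requested delay immediately after the sleep, which is what to look for in the disassembly of the function listed above.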
                                                                              APIs
                                                                              • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00521114
                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 00521120
                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 0052112F
                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00520B9B,?,?,?), ref: 00521136
                                                                              • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0052114D
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                              • String ID:
                                                                              • API String ID: 842720411-0
                                                                              • Opcode ID: 4f18a42d2aec5f431b62e7b9a3fe5e4d4b07710b60afb0c3b1b7a3d8d1d85918
                                                                              • Instruction ID: b73f00063c051695bb2987505a44ce8a1e897ae297a49bfa804b900663a6e8c2
                                                                              • Opcode Fuzzy Hash: 4f18a42d2aec5f431b62e7b9a3fe5e4d4b07710b60afb0c3b1b7a3d8d1d85918
                                                                              • Instruction Fuzzy Hash: 74016975200715BFDB114FA4EC59A6B3FAEFF9A3A1B200418FA41D3360EA31DC10EA60
                                                                              APIs
                                                                              • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00520FCA
                                                                              • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00520FD6
                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00520FE5
                                                                              • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00520FEC
                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00521002
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                              • String ID:
                                                                              • API String ID: 44706859-0
                                                                              • Opcode ID: da6e2b9add43cc0a52f24151d1b21908037eee59bf9544e378bb5ce3cf06909d
                                                                              • Instruction ID: 0f6e6edc7d2eb63275d369945f9a829fa4d8383373b211cb41818852273a33da
                                                                              • Opcode Fuzzy Hash: da6e2b9add43cc0a52f24151d1b21908037eee59bf9544e378bb5ce3cf06909d
                                                                              • Instruction Fuzzy Hash: D5F0A935200715AFDB210FA5AC5DF5B3FADFFAA762F100414FA06C62A0DA30DC84DA60
                                                                              APIs
                                                                               • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 0052102A
                                                                               • GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00521036
                                                                               • GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00521045
                                                                               • HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 0052104C
                                                                               • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00521062
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                              • String ID:
                                                                              • API String ID: 44706859-0
                                                                              • Opcode ID: e681d382de197852a09a432c2bb840b7d365afc8cd4714169bc9ff56f0d0eb66
                                                                              • Instruction ID: 491b3bda86235aa8416e343e788f4d508a44d2c0ad2c0fae6d0a3a60eadda997
                                                                              • Opcode Fuzzy Hash: e681d382de197852a09a432c2bb840b7d365afc8cd4714169bc9ff56f0d0eb66
                                                                              • Instruction Fuzzy Hash: E0F0A935200715AFDB211FA6EC5CF5B3FADFFAA762F100414FA06C62A0CA30D880DA60
                                                                              APIs
                                                                              • CloseHandle.KERNEL32(?,?,?,?,0053017D,?,005332FC,?,00000001,00502592,?), ref: 00530324
                                                                              • CloseHandle.KERNEL32(?,?,?,?,0053017D,?,005332FC,?,00000001,00502592,?), ref: 00530331
                                                                              • CloseHandle.KERNEL32(?,?,?,?,0053017D,?,005332FC,?,00000001,00502592,?), ref: 0053033E
                                                                              • CloseHandle.KERNEL32(?,?,?,?,0053017D,?,005332FC,?,00000001,00502592,?), ref: 0053034B
                                                                              • CloseHandle.KERNEL32(?,?,?,?,0053017D,?,005332FC,?,00000001,00502592,?), ref: 00530358
                                                                              • CloseHandle.KERNEL32(?,?,?,?,0053017D,?,005332FC,?,00000001,00502592,?), ref: 00530365
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID:
                                                                              • API String ID: 2962429428-0
                                                                              • Opcode ID: b030a1691d7a3411410c96a57721d5a0175461cb15dc779172d9a9e190e50a20
                                                                              • Instruction ID: 173fec68bd57c4c69693f5ffdff4c53143d9fcf7b06ade59d6800674a89f97ff
                                                                              • Opcode Fuzzy Hash: b030a1691d7a3411410c96a57721d5a0175461cb15dc779172d9a9e190e50a20
                                                                              • Instruction Fuzzy Hash: 10019C72800B159FCB30AF66D8A0816FBF9BF603163159E3ED19652971C3B1A998DE80
                                                                              APIs
                                                                              • _free.LIBCMT ref: 004FD752
                                                                                • Part of subcall function 004F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000), ref: 004F29DE
                                                                                • Part of subcall function 004F29C8: GetLastError.KERNEL32(00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000,00000000), ref: 004F29F0
                                                                              • _free.LIBCMT ref: 004FD764
                                                                              • _free.LIBCMT ref: 004FD776
                                                                              • _free.LIBCMT ref: 004FD788
                                                                              • _free.LIBCMT ref: 004FD79A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                               • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                               • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: 596c3dde041fed9eab88b6d13ec9a56a011ed3f92e9d0192e8cc46a52d1b3aaa
                                                                              • Instruction ID: 581ce3e82f503a8426ec592773aecb04a4763225fc21d769b791699dee6b253c
                                                                              • Opcode Fuzzy Hash: 596c3dde041fed9eab88b6d13ec9a56a011ed3f92e9d0192e8cc46a52d1b3aaa
                                                                              • Instruction Fuzzy Hash: 04F044B2A8020D6B8611FB55F9C1C277BDEBB04310794180BF645EB612C778FC405B78
                                                                              APIs
                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00525C58
                                                                              • GetWindowTextW.USER32(00000000,?,00000100), ref: 00525C6F
                                                                              • MessageBeep.USER32(00000000), ref: 00525C87
                                                                              • KillTimer.USER32(?,0000040A), ref: 00525CA3
                                                                              • EndDialog.USER32(?,00000001), ref: 00525CBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                              • String ID:
                                                                              • API String ID: 3741023627-0
                                                                              • Opcode ID: 6324dfd66c067c524c17e6435f5f745971fd8abce3d439b234320a8d88d5f912
                                                                              • Instruction ID: b77438dcd70184367df991bd2a8e94ce94ae2b85ac1be4927acd2839b4cc1b03
                                                                              • Opcode Fuzzy Hash: 6324dfd66c067c524c17e6435f5f745971fd8abce3d439b234320a8d88d5f912
                                                                              • Instruction Fuzzy Hash: 96018130500B14AFEB215B14ED5EFA67FB8FF15B06F000559A583B14E1FBF4AE889A90
                                                                              APIs
                                                                              • _free.LIBCMT ref: 004F22BE
                                                                                • Part of subcall function 004F29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000), ref: 004F29DE
                                                                                • Part of subcall function 004F29C8: GetLastError.KERNEL32(00000000,?,004FD7D1,00000000,00000000,00000000,00000000,?,004FD7F8,00000000,00000007,00000000,?,004FDBF5,00000000,00000000), ref: 004F29F0
                                                                              • _free.LIBCMT ref: 004F22D0
                                                                              • _free.LIBCMT ref: 004F22E3
                                                                              • _free.LIBCMT ref: 004F22F4
                                                                              • _free.LIBCMT ref: 004F2305
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 776569668-0
                                                                              • Opcode ID: c8f41238f30e0d27e4da8bcaa6a966d6a24194cb99685c425efc5ecad2162049
                                                                              • Instruction ID: d318643fbe7bbc59b232fa1a74a3d376b191c985c84da083074e6b0b963ba66f
                                                                              • Opcode Fuzzy Hash: c8f41238f30e0d27e4da8bcaa6a966d6a24194cb99685c425efc5ecad2162049
                                                                              • Instruction Fuzzy Hash: 2FF030F95805268BCA12BF56BD01C293F64B739760702250BF514D73B1C7B80515BFAC
                                                                              APIs
                                                                              • EndPath.GDI32(?), ref: 004D95D4
                                                                              • StrokeAndFillPath.GDI32(?,?,005171F7,00000000,?,?,?), ref: 004D95F0
                                                                              • SelectObject.GDI32(?,00000000), ref: 004D9603
                                                                              • DeleteObject.GDI32 ref: 004D9616
                                                                              • StrokePath.GDI32(?), ref: 004D9631
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                              • String ID:
                                                                              • API String ID: 2625713937-0
                                                                              • Opcode ID: 3206e97d235768c62de4a4bc325d5873d19ab52509939e16cfde371c46d9b151
                                                                              • Instruction ID: 5bcd39f2d0a2726ff54e85ac4c1c741239f0f6ff66bdeaa364e341944be28b7c
                                                                              • Opcode Fuzzy Hash: 3206e97d235768c62de4a4bc325d5873d19ab52509939e16cfde371c46d9b151
                                                                              • Instruction Fuzzy Hash: 90F03C31005B09EFDB165F65ED2C7693F61EB20362F048217F425952F0C7358999EF28
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: __freea$_free
                                                                              • String ID: a/p$am/pm
                                                                              • API String ID: 3432400110-3206640213
                                                                              • Opcode ID: 7bb3e6daf1bbc379fbcdfa34943772da685c8ff9337845889b8db929a21cb4d6
                                                                              • Instruction ID: b4c9acce23eec1c81652a55326360b8594be13b7163bd8d3ece4be3fdccc94c5
                                                                              • Opcode Fuzzy Hash: 7bb3e6daf1bbc379fbcdfa34943772da685c8ff9337845889b8db929a21cb4d6
                                                                              • Instruction Fuzzy Hash: D0D1F33190020EDAEB289F68C855BBBB7B1EF05300F18415BEB01ABB61D77D9D81CB59
                                                                              APIs
                                                                                • Part of subcall function 004E0242: EnterCriticalSection.KERNEL32(0059070C,00591884,?,?,004D198B,00592518,?,?,?,004C12F9,00000000), ref: 004E024D
                                                                                • Part of subcall function 004E0242: LeaveCriticalSection.KERNEL32(0059070C,?,004D198B,00592518,?,?,?,004C12F9,00000000), ref: 004E028A
                                                                                • Part of subcall function 004E00A3: __onexit.LIBCMT ref: 004E00A9
                                                                              • __Init_thread_footer.LIBCMT ref: 00546238
                                                                                • Part of subcall function 004E01F8: EnterCriticalSection.KERNEL32(0059070C,?,?,004D8747,00592514), ref: 004E0202
                                                                                • Part of subcall function 004E01F8: LeaveCriticalSection.KERNEL32(0059070C,?,004D8747,00592514), ref: 004E0235
                                                                                • Part of subcall function 0053359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 005335E4
                                                                                • Part of subcall function 0053359C: LoadStringW.USER32(00592390,?,00000FFF,?), ref: 0053360A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                              • String ID: x#Y$x#Y$x#Y
                                                                              • API String ID: 1072379062-2597452502
                                                                              • Opcode ID: db8bd6e97b22cc65bbccb96041c39d67e74e69382922595ebebd0536d1c3dc4d
                                                                              • Instruction ID: 7b9deb7e81c467795f439c5fdfbec774e60891c737e769f9a2fb1e6b1c51ec16
                                                                              • Opcode Fuzzy Hash: db8bd6e97b22cc65bbccb96041c39d67e74e69382922595ebebd0536d1c3dc4d
                                                                              • Instruction Fuzzy Hash: 37C18A75A00105AFCB14EF98C894EEEBBB9FF49308F14846EE9059B291DB74ED44CB91
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: JOL
                                                                              • API String ID: 0-2328334197
                                                                              • Opcode ID: e2a0648246a751c325bd2b3b3af5ecd2291d353ae9bd11c6c016116e2a36574f
                                                                              • Instruction ID: 556217bba725121a6d3088d8f2dbddf63fad0fdfe36df85b3a60d8920d0c3350
                                                                              • Opcode Fuzzy Hash: e2a0648246a751c325bd2b3b3af5ecd2291d353ae9bd11c6c016116e2a36574f
                                                                              • Instruction Fuzzy Hash: D551CF71D00A4D9FCB209FA6C845ABFBBB4AF05314F14005BF705A7291D7399A029B6A
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 004F8B6E
                                                                              • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 004F8B7A
                                                                              • __dosmaperr.LIBCMT ref: 004F8B81
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                              • String ID: .N
                                                                              • API String ID: 2434981716-952250969
                                                                              • Opcode ID: 8eb842846ff89706e4cd34768a01ac7eedaa0cfa4fdc2ed89cc7b2b15bc63dd2
                                                                              • Instruction ID: 859e02f78fe61e38e0e1c194d3ddd6b36a9cfc21dffb15c49c5a254090805267
                                                                              • Opcode Fuzzy Hash: 8eb842846ff89706e4cd34768a01ac7eedaa0cfa4fdc2ed89cc7b2b15bc63dd2
                                                                              • Instruction Fuzzy Hash: 6741AE71A0414DAFCB249F25DC81A7E7FA5DB86304B28459FFA858F242DE39DC039758
                                                                              APIs
                                                                                • Part of subcall function 0052B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005221D0,?,?,00000034,00000800,?,00000034), ref: 0052B42D
                                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00522760
                                                                                • Part of subcall function 0052B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,005221FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0052B3F8
                                                                                • Part of subcall function 0052B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0052B355
                                                                                • Part of subcall function 0052B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00522194,00000034,?,?,00001004,00000000,00000000), ref: 0052B365
                                                                                • Part of subcall function 0052B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00522194,00000034,?,?,00001004,00000000,00000000), ref: 0052B37B
                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 005227CD
                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0052281A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                              • String ID: @
                                                                              • API String ID: 4150878124-2766056989
                                                                              • Opcode ID: a70dd80543b7b4a4414c9347c7fe6e3d976c064ca50b39a2a68682b030434677
                                                                              • Instruction ID: 6995fdb0421acdb4936788879cce3a0f01ac8bd42703a09f4f7ef47b6933fa72
                                                                              • Opcode Fuzzy Hash: a70dd80543b7b4a4414c9347c7fe6e3d976c064ca50b39a2a68682b030434677
                                                                              • Instruction Fuzzy Hash: B1414D76900229BFDB10DBA4DC85ADEBBB8FF46300F104459FA55B7181DB706E45CBA0
                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 004F1769
                                                                              • _free.LIBCMT ref: 004F1834
                                                                              • _free.LIBCMT ref: 004F183E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _free$FileModuleName
                                                                              • String ID: C:\Users\user\Desktop\file.exe
                                                                              • API String ID: 2506810119-517116171
                                                                              • Opcode ID: 3d9ba1c4732056aea22f4a9b7b8a0c5bd26b640672842be9ca4ea8abf87114de
                                                                              • Instruction ID: 356f025c4c5f269736b8798b4f1c187f8766590d0b1af31a49ac296e966fb376
                                                                              • Opcode Fuzzy Hash: 3d9ba1c4732056aea22f4a9b7b8a0c5bd26b640672842be9ca4ea8abf87114de
                                                                              • Instruction Fuzzy Hash: 4431B175A0021CEFCB21EB9A9980DAFBBFCEB94350F10416BE60497321D6B44A44CB98
                                                                              APIs
                                                                              • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0052C306
                                                                              • DeleteMenu.USER32(?,00000007,00000000), ref: 0052C34C
                                                                              • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00591990,01114978), ref: 0052C395
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Menu$Delete$InfoItem
                                                                              • String ID: 0
                                                                              • API String ID: 135850232-4108050209
                                                                              • Opcode ID: 2a29fb012cd521f3a3e7a7702b2483c76db90571fee6932e0c89dfb06ca6799c
                                                                              • Instruction ID: 50d2581a000b23f0cf9e9a61727b13aed0cc846f544fd5418eb0645e3f3ecc74
                                                                              • Opcode Fuzzy Hash: 2a29fb012cd521f3a3e7a7702b2483c76db90571fee6932e0c89dfb06ca6799c
                                                                              • Instruction Fuzzy Hash: 23418D312043529FD720DF25E884B5EBFA4BFA6310F108E1DE9A5972D2D770A904CB52
                                                                              APIs
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0055CC08,00000000,?,?,?,?), ref: 005544AA
                                                                              • GetWindowLongW.USER32 ref: 005544C7
                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 005544D7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Long
                                                                              • String ID: SysTreeView32
                                                                              • API String ID: 847901565-1698111956
                                                                              • Opcode ID: 16216a579b2cdbc8f36bfb67e5c15866dceaaba88b7052741a07fb1b54720686
                                                                              • Instruction ID: a8a46511ba8cb09a8bd2d793e267800fece40193034a87ac4318854ae73968bc
                                                                              • Opcode Fuzzy Hash: 16216a579b2cdbc8f36bfb67e5c15866dceaaba88b7052741a07fb1b54720686
                                                                              • Instruction Fuzzy Hash: 1731BE31240205AFDF218E38DC55BEA7BA9FB08329F20431AFD75A21D0D770EC949B50
                                                                              APIs
                                                                              • SysReAllocString.OLEAUT32(?,?), ref: 00526EED
                                                                              • VariantCopyInd.OLEAUT32(?,?), ref: 00526F08
                                                                              • VariantClear.OLEAUT32(?), ref: 00526F12
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Variant$AllocClearCopyString
                                                                              • String ID: *jR
                                                                              • API String ID: 2173805711-3505170897
                                                                              • Opcode ID: a206ebf9458bd3aa97a122a75645e4f65cfae949e5df26226c551b8c175c13f3
                                                                              • Instruction ID: dfdede91a3dc7169d0351914759928ec9d82af12daf27d8cfe823777bdc8d448
                                                                              • Opcode Fuzzy Hash: a206ebf9458bd3aa97a122a75645e4f65cfae949e5df26226c551b8c175c13f3
                                                                              • Instruction Fuzzy Hash: D0319E76604265DFCF05AFA5E951DBE3BB5FF86308B10089DF8024B2A1C7349952DBD4
                                                                              APIs
                                                                                • Part of subcall function 0054335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00543077,?,?), ref: 00543378
                                                                              • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0054307A
                                                                              • _wcslen.LIBCMT ref: 0054309B
                                                                              • htons.WSOCK32(00000000,?,?,00000000), ref: 00543106
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                              • String ID: 255.255.255.255
                                                                              • API String ID: 946324512-2422070025
                                                                              • Opcode ID: 15d3b1d22e0d5e921037874d3de5db8b7f1c069b13a06c492f931dc94eb8aaf4
                                                                              • Instruction ID: cfd171d4e1c600b8ca69be0619215b39ee3f8474f3f54a8f670bb56b13b5ae71
                                                                              • Opcode Fuzzy Hash: 15d3b1d22e0d5e921037874d3de5db8b7f1c069b13a06c492f931dc94eb8aaf4
                                                                              • Instruction Fuzzy Hash: FB31B0396002019FDB14CF69C489EAA7BE0FF5431CF248599E9199B3A2DB72EE45C760
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00553F40
                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00553F54
                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00553F78
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$Window
                                                                              • String ID: SysMonthCal32
                                                                              • API String ID: 2326795674-1439706946
                                                                              • Opcode ID: ca5217094d939db41734ca3f4853bb7d672b9c132be0e8a92e0be1629695c66b
                                                                              • Instruction ID: 577d313b982e983c8e05847071f1d3a25b25ee19439ed45faf8c5ab60c54b3dd
                                                                              • Opcode Fuzzy Hash: ca5217094d939db41734ca3f4853bb7d672b9c132be0e8a92e0be1629695c66b
                                                                              • Instruction Fuzzy Hash: A421CC32600219BBDF118E90CC56FEA3F79FF48754F110215FE096B180D6B5A958DBA0
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00554705
                                                                              • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00554713
                                                                              • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0055471A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$DestroyWindow
                                                                              • String ID: msctls_updown32
                                                                              • API String ID: 4014797782-2298589950
                                                                              • Opcode ID: 9bb3659b73394456978e9e55255f3bd984cde80dff9e10cfd01a18ce4855435a
                                                                              • Instruction ID: 4e7c0b8b0a4fcf1bbe5b04712e5855bb7c528d77516fd0d656a72ec853dcfecc
                                                                              • Opcode Fuzzy Hash: 9bb3659b73394456978e9e55255f3bd984cde80dff9e10cfd01a18ce4855435a
                                                                              • Instruction Fuzzy Hash: A92190B5600209AFDB10DF69DCD5DB73BADFB5A399B00044AFA019B291CB30EC56DB60
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen
                                                                              • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                              • API String ID: 176396367-2734436370
                                                                              • Opcode ID: 0bd2fffd82c5f3159d6cd47b189aa7a873779f5b59bd04d1d1cc73b5f2128780
                                                                              • Instruction ID: a6333f2d68f754dda4306f527cd0f490e2230b169f76b8c3c6cabe0bc9e0fae0
                                                                              • Opcode Fuzzy Hash: 0bd2fffd82c5f3159d6cd47b189aa7a873779f5b59bd04d1d1cc73b5f2128780
                                                                              • Instruction Fuzzy Hash: E121387230416066D731AA2AEC12FB77BD8BF92314F10442FF949972C1EB59AD45C3D9
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00553840
                                                                              • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00553850
                                                                              • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00553876
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend$MoveWindow
                                                                              • String ID: Listbox
                                                                              • API String ID: 3315199576-2633736733
                                                                              • Opcode ID: 6864e2ebafb7af5583c071c83f660fb9ca54f05ac04e810b5bdcd4389cbe2ff2
                                                                              • Instruction ID: 4b547bf6bd82ec3bfcd1dc2c9d8fb80febb19fbdec29286bb190ce5c812ef628
                                                                              • Opcode Fuzzy Hash: 6864e2ebafb7af5583c071c83f660fb9ca54f05ac04e810b5bdcd4389cbe2ff2
                                                                              • Instruction Fuzzy Hash: 7121D072610218BBEB118FA4CC50FBB3B6EFF89791F108125F904AB190C671DD169BA0
                                                                              APIs
                                                                              • SetErrorMode.KERNEL32(00000001), ref: 00534A08
                                                                              • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00534A5C
                                                                              • SetErrorMode.KERNEL32(00000000,?,?,0055CC08), ref: 00534AD0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorMode$InformationVolume
                                                                              • String ID: %lu
                                                                              • API String ID: 2507767853-685833217
                                                                              • Opcode ID: 7373f6d525ef9a756b1a72f8f4019855cb2be1911752872f4ed5639aed3b3cbb
                                                                              • Instruction ID: 66a185cbddc2f7c3ffa0a6d3118b7c9b66d9376751b2f3502303596dd87c0423
                                                                              • Opcode Fuzzy Hash: 7373f6d525ef9a756b1a72f8f4019855cb2be1911752872f4ed5639aed3b3cbb
                                                                              • Instruction Fuzzy Hash: 11314C75A00209AFDB10DF54C885EAA7BF8EF08308F1480A9F909DB252D775ED45CB61
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0055424F
                                                                              • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00554264
                                                                              • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00554271
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: msctls_trackbar32
                                                                              • API String ID: 3850602802-1010561917
                                                                              • Opcode ID: d3056bf15130b98fa2e6c17815b8ae3da16c00d51fb354d230d362ec5d5ac73d
                                                                              • Instruction ID: 84cd09afdc7c00aa2efd8d1d3761f3a195e3f1d2480ddda0f6f275d6f233531b
                                                                              • Opcode Fuzzy Hash: d3056bf15130b98fa2e6c17815b8ae3da16c00d51fb354d230d362ec5d5ac73d
                                                                              • Instruction Fuzzy Hash: C811E331240208BEEF205E69CC06FAB3BACFF95B59F114515FE55E6090D271D8519B20
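Each record above describes one function: its API calls (with "Part of subcall function" marking calls made by a callee), the strings it references (Joe Sandbox joins several with `$`, as in `#OnAutoItStartRegister$#notrayicon$#requireadmin`), and an Instruction Fuzzy Hash that can be used to match the same function across reports. The block below is an added example, not part of the Joe Sandbox report, the AutoIt runtime or the sample: it parses records in this format, renders the function's own call sequence as a pivot key, indexes records by fuzzy hash, and checks the strings for the AutoIt directives that back the "Binary is likely a compiled AutoIt script file" signature. The two sample records are constructed from this report's text; the `MODULE!api -> ...` chain format and the directive set are this example's own conventions.

```python
"""Parse Joe Sandbox per-function records and pivot on API chains,
fuzzy hashes and AutoIt directive strings.

Added example; not code from the Joe Sandbox report or the sample.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: two records copied from this report (the
# inet_addr/htons helper and the #directive handler), indentation stripped.
SAMPLE_REPORT = """\
APIs
  • Part of subcall function 0054335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00543077,?,?), ref: 00543378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0054307A
• _wcslen.LIBCMT ref: 0054309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 00543106
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Instruction Fuzzy Hash: FB31B0396002019FDB14CF69C489EAA7BE0FF5431CF248599E9199B3A2DB72EE45C760
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Instruction Fuzzy Hash: E121387230416066D731AA2AEC12FB77BD8BF92314F10442FF949972C1EB59AD45C3D9
"""

# Matches "name.MODULE(args), ref: ADDR" as well as "name.MODULE ref: ADDR".
API_RE = re.compile(
    r"^(?P<name>[\w@$?]+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)"
)
SUBCALL_PREFIX = "Part of subcall function "

# AutoIt source directives seen in this report (example's own set, compared
# case-insensitively because AutoIt directives are case-insensitive).
AUTOIT_DIRECTIVES = {"#requireadmin", "#notrayicon", "#onautoitstartregister"}


@dataclass
class ApiCall:
    name: str
    module: str
    ref: str
    args: str = ""
    subcall: bool = False  # reached through a callee, not called directly


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    api_string_id: str = ""
    fuzzy_hash: str = ""


def parse_records(text):
    """Split the report text into records; each one starts at a bare 'APIs' line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        subcall = body.startswith(SUBCALL_PREFIX)
        if subcall:
            body = body.split(": ", 1)[1]  # drop "Part of subcall function XXXX: "
        m = API_RE.match(body)
        if m:
            current.apis.append(ApiCall(m["name"], m["module"], m["ref"], m["args"] or "", subcall))
        elif body.startswith("String ID: "):
            current.strings = body[len("String ID: "):].split("$")
        elif body.startswith("API String ID: "):
            current.api_string_id = body[len("API String ID: "):]
        elif body.startswith("Instruction Fuzzy Hash: "):
            current.fuzzy_hash = body[len("Instruction Fuzzy Hash: "):]
    return records


def api_chain(record, include_subcalls=False):
    """Render the call sequence in report order as a 'MODULE!api -> ...' pivot key."""
    calls = [c for c in record.apis if include_subcalls or not c.subcall]
    return " -> ".join(f"{c.module}!{c.name}" for c in calls)


def find_autoit_directives(records):
    """Referenced strings that are AutoIt directives (compiled-AutoIt evidence)."""
    return {s for r in records for s in r.strings if s.lower() in AUTOIT_DIRECTIVES}


def index_by_fuzzy_hash(records):
    """Instruction Fuzzy Hash -> record, for matching functions between two reports."""
    return {r.fuzzy_hash: r for r in records if r.fuzzy_hash}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    for r in recs:
        print(r.fuzzy_hash[:16], api_chain(r) or "(no direct API calls)", r.strings)
    print("AutoIt directives:", sorted(find_autoit_directives(recs)))
```

One caveat when reading these chains: the GUI control names (`SysTreeView32`, `msctls_updown32`, `Listbox`, `msctls_trackbar32`), the `inet_addr`/`htons` helper and the `#requireadmin` directive parser all belong to the AutoIt interpreter stub that every compiled script ships with, so matching them proves the runtime, not what the embedded script does; the script itself still has to be extracted and decompiled before its behaviour can be judged.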
                                                                              APIs
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                                • Part of subcall function 00522DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00522DC5
                                                                                • Part of subcall function 00522DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00522DD6
                                                                                • Part of subcall function 00522DA7: GetCurrentThreadId.KERNEL32 ref: 00522DDD
                                                                                • Part of subcall function 00522DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00522DE4
                                                                              • GetFocus.USER32 ref: 00522F78
                                                                                • Part of subcall function 00522DEE: GetParent.USER32(00000000), ref: 00522DF9
                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 00522FC3
                                                                              • EnumChildWindows.USER32(?,0052303B), ref: 00522FEB
                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
• Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005558C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 005558EE
• DrawMenuBar.USER32(?), ref: 005558FD
Strings
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0051D3BF
• FreeLibrary.KERNEL32 ref: 0051D3E5
Strings
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0055FC08,?), ref: 005205F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0055FC08,?), ref: 00520608
• CLSIDFromProgID.OLE32(?,?,00000000,0055CC40,000000FF,?,00000000,00000800,00000000,?,0055FC08,?), ref: 0052062D
• _memcmp.LIBVCRUNTIME ref: 0052064E
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0054A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0054A6BA
  • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0054A79C
• CloseHandle.KERNEL32(00000000), ref: 0054A7AB
  • Part of subcall function 004DCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00503303,?), ref: 004DCE8A
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetWindowRect.USER32(?,?), ref: 005562E2
• ScreenToClient.USER32(?,?), ref: 00556315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00556382
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00541AFD
• WSAGetLastError.WSOCK32 ref: 00541B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00541B8A
• WSAGetLastError.WSOCK32 ref: 00541B94
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
Similarity
• API ID:
• String ID:
• API String ID:
                                                                              APIs
                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00535783
                                                                              • GetLastError.KERNEL32(?,00000000), ref: 005357A9
                                                                              • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 005357CE
                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 005357FA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CreateHardLink$DeleteErrorFileLast
                                                                              • String ID:
                                                                              • API String ID: 3321077145-0
                                                                              • Opcode ID: e44dd31eea60aad505154595650011f79af2576e03ccf39473971a2cae1f31fb
                                                                              • Instruction ID: f3a0c046cc11f562acc8e6d0ca2a0adf64f913e393717a1dc049d97ac6760dfb
                                                                              • Opcode Fuzzy Hash: e44dd31eea60aad505154595650011f79af2576e03ccf39473971a2cae1f31fb
                                                                              • Instruction Fuzzy Hash: 98412A39600610DFCB10DF15C445A1DBBE1EF89368F18848DE84A5B362DB34FD01DB95
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,004E6D71,00000000,00000000,004E82D9,?,004E82D9,?,00000001,004E6D71,?,00000001,004E82D9,004E82D9), ref: 004FD910
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004FD999
                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 004FD9AB
                                                                              • __freea.LIBCMT ref: 004FD9B4
                                                                                • Part of subcall function 004F3820: RtlAllocateHeap.NTDLL(00000000,?,00591444,?,004DFDF5,?,?,004CA976,00000010,00591440,004C13FC,?,004C13C6,?,004C1129), ref: 004F3852
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                              • String ID:
                                                                              • API String ID: 2652629310-0
                                                                              • Opcode ID: 59db58f9a41ab2d76c02e968b80103bd83a85a560f16ffe0625a44feca5c77b7
                                                                              • Instruction ID: 599d0e1cbb45cfc2fa17cd8e382eb67d0f882bd1fa82e47bf6697f05d91033ba
                                                                              • Opcode Fuzzy Hash: 59db58f9a41ab2d76c02e968b80103bd83a85a560f16ffe0625a44feca5c77b7
                                                                              • Instruction Fuzzy Hash: ED31AEB2A0020AABDB25DFA5DC45EBF7BA6EF40310F05416AFD04D6250EB79CD54CBA4
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00555352
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00555375
                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00555382
                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 005553A8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LongWindow$InvalidateMessageRectSend
                                                                              • String ID:
                                                                              • API String ID: 3340791633-0
                                                                              • Opcode ID: a2c1e4bb7c81931d6afdb27ea6ba432dcc100c80a3ba773d2ccc373a417997f7
                                                                              • Instruction ID: 6b33428a5b8e6e5d384567aa7c274abe5f068f3f4c2c23fd7dc2be412122d000
                                                                              • Opcode Fuzzy Hash: a2c1e4bb7c81931d6afdb27ea6ba432dcc100c80a3ba773d2ccc373a417997f7
                                                                              • Instruction Fuzzy Hash: 1431E634A55A08EFEB309F54CC35BE83F65BB04392F5A4813FE19961E0E7B09D48A741
                                                                              APIs
                                                                              • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 0052ABF1
                                                                              • SetKeyboardState.USER32(00000080,?,00008000), ref: 0052AC0D
                                                                              • PostMessageW.USER32(00000000,00000101,00000000), ref: 0052AC74
                                                                              • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 0052ACC6
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: KeyboardState$InputMessagePostSend
                                                                              • String ID:
                                                                              • API String ID: 432972143-0
                                                                              • Opcode ID: 29f4336e3bcd98da26ff708d0b5b61d0a75d6e1dc0683f477fa07d098dcc64e2
                                                                              • Instruction ID: 0cff43a6887065ebee3c48bdee09abf0054badced58438c50b6ce31ee06b8ab0
                                                                              • Opcode Fuzzy Hash: 29f4336e3bcd98da26ff708d0b5b61d0a75d6e1dc0683f477fa07d098dcc64e2
                                                                              • Instruction Fuzzy Hash: D0311630A00328AFFF258B64EC187FA7FA9BF86310F04461AF481662D1C3748D859752
                                                                              APIs
                                                                              • ClientToScreen.USER32(?,?), ref: 0055769A
                                                                              • GetWindowRect.USER32(?,?), ref: 00557710
                                                                              • PtInRect.USER32(?,?,00558B89), ref: 00557720
                                                                              • MessageBeep.USER32(00000000), ref: 0055778C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                                              • String ID:
                                                                              • API String ID: 1352109105-0
                                                                              • Opcode ID: 1e01042f6cfd0cbdd78c7992eef3dcee6a567a6524ff79ab2ccc75c74a0abf96
                                                                              • Instruction ID: e3d2c7a6db4936ff8264463d0496e261db9728bd27306974a9e61293c9aa70b7
                                                                              • Opcode Fuzzy Hash: 1e01042f6cfd0cbdd78c7992eef3dcee6a567a6524ff79ab2ccc75c74a0abf96
                                                                              • Instruction Fuzzy Hash: EF41AD34609619DFCB02CF58F8A4EA97FF4FB5D302F1540AAE8149B261C330A949DF90
                                                                              APIs
                                                                              • GetForegroundWindow.USER32 ref: 005516EB
                                                                                • Part of subcall function 00523A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00523A57
                                                                                • Part of subcall function 00523A3D: GetCurrentThreadId.KERNEL32 ref: 00523A5E
                                                                                • Part of subcall function 00523A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,005225B3), ref: 00523A65
                                                                              • GetCaretPos.USER32(?), ref: 005516FF
                                                                              • ClientToScreen.USER32(00000000,?), ref: 0055174C
                                                                              • GetForegroundWindow.USER32 ref: 00551752
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                              • String ID:
                                                                              • API String ID: 2759813231-0
                                                                              • Opcode ID: 6ae9823a8f7021e834f1f4ff5a20aaa715ad9fc9437eb34263dbf1042694e310
                                                                              • Instruction ID: 57672f708a763da848e68fb2d69a0d5bc2db6f4f3f51fef19d641085972d66d2
                                                                              • Opcode Fuzzy Hash: 6ae9823a8f7021e834f1f4ff5a20aaa715ad9fc9437eb34263dbf1042694e310
                                                                              • Instruction Fuzzy Hash: D7315275D00249AFCB00DFAAC891DAEBBF9FF48304B5080AEE415E7251D7359E45CBA4
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              • GetCursorPos.USER32(?), ref: 00559001
                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00517711,?,?,?,?,?), ref: 00559016
                                                                              • GetCursorPos.USER32(?), ref: 0055905E
                                                                              • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00517711,?,?,?), ref: 00559094
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                              • String ID:
                                                                              • API String ID: 2864067406-0
                                                                              • Opcode ID: d745780d2c1c2b125714c335406cb3305b5e7bb055c52cf445325b5cdf018ab5
                                                                              • Instruction ID: d202594bdc7f805f458a933a8a0fe75b98952f822d0d37a32ad4f74e177e7237
                                                                              • Opcode Fuzzy Hash: d745780d2c1c2b125714c335406cb3305b5e7bb055c52cf445325b5cdf018ab5
                                                                              • Instruction Fuzzy Hash: A2218D35600118EFCB258F94CC68EEB7FB9FB49352F04445AF9058B2B1D339A954EB60
                                                                              APIs
                                                                              • GetFileAttributesW.KERNEL32(?,0055CB68), ref: 0052D2FB
                                                                              • GetLastError.KERNEL32 ref: 0052D30A
                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 0052D319
                                                                              • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0055CB68), ref: 0052D376
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDirectory$AttributesErrorFileLast
                                                                              • String ID:
                                                                              • API String ID: 2267087916-0
                                                                              • Opcode ID: 867f53d5edde5ac634dccb6889793fcb0b3c04c177b53037453be812b087d7b1
                                                                              • Instruction ID: a6420054c578b0916bc5dff121dff8cf9b68a159d20aeb9635eac7b273dd8f0b
                                                                              • Opcode Fuzzy Hash: 867f53d5edde5ac634dccb6889793fcb0b3c04c177b53037453be812b087d7b1
                                                                              • Instruction Fuzzy Hash: EA217C745093119F8300DF28D8958AA7BE4FE6A369F504E1EF499C32E1D7309949CBA7
                                                                              APIs
                                                                                • Part of subcall function 00521014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0052102A
                                                                                • Part of subcall function 00521014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00521036
                                                                                • Part of subcall function 00521014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00521045
                                                                                • Part of subcall function 00521014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0052104C
                                                                                • Part of subcall function 00521014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00521062
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 005215BE
                                                                              • _memcmp.LIBVCRUNTIME ref: 005215E1
                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00521617
                                                                              • HeapFree.KERNEL32(00000000), ref: 0052161E
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                              • String ID:
                                                                              • API String ID: 1592001646-0
                                                                              • Opcode ID: 943032740579add2f1c622349894b19a3051d0727f4a50803e40ba49193134d0
                                                                              • Instruction ID: 6a81debba674d56642d1a32a7e5514557bf2d5682abeefc8a6f0d1f0be607f83
                                                                              • Opcode Fuzzy Hash: 943032740579add2f1c622349894b19a3051d0727f4a50803e40ba49193134d0
                                                                              • Instruction Fuzzy Hash: 8B219A31E00618AFDF00DFA4D948BEFBBB8FF61345F084459E401AB281E730AA04DBA4
                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0055280A
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00552824
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00552832
                                                                              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00552840
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Long$AttributesLayered
                                                                              • String ID:
                                                                              • API String ID: 2169480361-0
                                                                              • Opcode ID: 74494af2ab3c6b9f92f84a44efb003e8037e7651d07003090d08c24c38e3960d
                                                                              • Instruction ID: 58f80d8f299756d92261bac0ab1237a46fd8080a5eb7a54da5642c5fe87a8ec2
                                                                              • Opcode Fuzzy Hash: 74494af2ab3c6b9f92f84a44efb003e8037e7651d07003090d08c24c38e3960d
                                                                              • Instruction Fuzzy Hash: 0621FE31204211AFD714DB24C864FAA7B95FF86329F14811EE8268B2A2C771FC86CBD0
                                                                              APIs
                                                                                • Part of subcall function 00528D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0052790A,?,000000FF,?,00528754,00000000,?,0000001C,?,?), ref: 00528D8C
                                                                                • Part of subcall function 00528D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00528DB2
                                                                                • Part of subcall function 00528D7D: lstrcmpiW.KERNEL32(00000000,?,0052790A,?,000000FF,?,00528754,00000000,?,0000001C,?,?), ref: 00528DE3
                                                                              • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00528754,00000000,?,0000001C,?,?,00000000), ref: 00527923
                                                                              • lstrcpyW.KERNEL32(00000000,?), ref: 00527949
                                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,00528754,00000000,?,0000001C,?,?,00000000), ref: 00527984
                                                                              Strings
                                                                              Similarity
                                                                              • API ID: lstrcmpilstrcpylstrlen
                                                                              • String ID: cdecl
                                                                              • API String ID: 4031866154-3896280584
                                                                              • Opcode ID: 1ecc95387dd4305333ab81eac911355fec451254a287b19ddf6bbd9a41bca332
                                                                              • Instruction ID: ebb2b92bf71c74b381c5d79c21237fdae70e2548e03afe714f1bc416ddcd3e96
                                                                              • Opcode Fuzzy Hash: 1ecc95387dd4305333ab81eac911355fec451254a287b19ddf6bbd9a41bca332
                                                                              • Instruction Fuzzy Hash: D311293A200716AFCB159F35E854D7A7BA5FF9A354B00402AF906C73E4EB319841D791
                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00557D0B
                                                                              • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00557D2A
                                                                              • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00557D42
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0053B7AD,00000000), ref: 00557D6B
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              Similarity
                                                                              • API ID: Window$Long
                                                                              • String ID:
                                                                              • API String ID: 847901565-0
                                                                              • Opcode ID: 1bb381e675db017e4e024fdbba7cabfb806dc274e098282c84077a16a4e14b50
                                                                              • Instruction ID: 8d0b10bd36aa1543fd887f32411697dc7a5110347f3bfed4aa9a05aff84676d6
                                                                              • Opcode Fuzzy Hash: 1bb381e675db017e4e024fdbba7cabfb806dc274e098282c84077a16a4e14b50
                                                                              • Instruction Fuzzy Hash: 1111AE31104629AFCB108F28DC24A663FA5BF49362B114726FC35D72E0E7319D58DB80
                                                                              APIs
                                                                              • SendMessageW.USER32(?,00001060,?,00000004), ref: 005556BB
                                                                              • _wcslen.LIBCMT ref: 005556CD
                                                                              • _wcslen.LIBCMT ref: 005556D8
                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00555816
                                                                              Similarity
                                                                              • API ID: MessageSend_wcslen
                                                                              • String ID:
                                                                              • API String ID: 455545452-0
                                                                              • Opcode ID: 2928a8bed3ce02542e07bb7f0c1535067ddaed056808dea42eb65b434908f68a
                                                                              • Instruction ID: 6a86f78d1fc3521435ffe59d64d6520e5480e4660b60d7cefd36c029d1480226
                                                                              • Opcode Fuzzy Hash: 2928a8bed3ce02542e07bb7f0c1535067ddaed056808dea42eb65b434908f68a
                                                                              • Instruction Fuzzy Hash: FF11DF7160061896DF209BA68CA5AEE3FBCFF10366B10442BFD0596081F7748A88CB64
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: faa878e48d0067af5d4e9a14b983a84999d430b6fe2690edef6538aea9016878
                                                                              • Instruction ID: 725888081fdf7b50c85b51eb553073027b1c13aea963bcaae8500753e737fcb2
                                                                              • Opcode Fuzzy Hash: faa878e48d0067af5d4e9a14b983a84999d430b6fe2690edef6538aea9016878
                                                                              • Instruction Fuzzy Hash: EE018FB2205B1EBEF61116796CC0F37662DDF513B8B35132BF721A12E2DB68AC005168
                                                                              APIs
                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 00521A47
                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00521A59
                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00521A6F
                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00521A8A
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: c015e9108843696bf7eca6e4fa737d05b26e9584842d97cef37f07102eee5b75
                                                                              • Instruction ID: 566b34fc382051e9d7350faa832a10b6f15e28c10d946ffe36382f06fb1dfb12
                                                                              • Opcode Fuzzy Hash: c015e9108843696bf7eca6e4fa737d05b26e9584842d97cef37f07102eee5b75
                                                                              • Instruction Fuzzy Hash: CD112A3A901229FFEB109BA4C985FAEBB78FF18750F200091E601B7290D7716E50DB94
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 0052E1FD
                                                                              • MessageBoxW.USER32(?,?,?,?), ref: 0052E230
                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0052E246
                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0052E24D
                                                                              Similarity
                                                                              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                              • String ID:
                                                                              • API String ID: 2880819207-0
                                                                              • Opcode ID: 496c149a9add19f7e7fa77781d12ddc0977412d99b1bd01ca58a312c34fd8115
                                                                              • Instruction ID: 41bbefc9ab79388e7272e74cbddc19cf63e387e1031f91d143cf2053b8af3fe9
                                                                              • Opcode Fuzzy Hash: 496c149a9add19f7e7fa77781d12ddc0977412d99b1bd01ca58a312c34fd8115
                                                                              • Instruction Fuzzy Hash: 0A110876D04365FFC7019BA8AC06A9E7FACEF56311F10465AF926E32D0D270990897A0
                                                                              APIs
                                                                              • CreateThread.KERNEL32(00000000,?,004ECFF9,00000000,00000004,00000000), ref: 004ED218
                                                                              • GetLastError.KERNEL32 ref: 004ED224
                                                                              • __dosmaperr.LIBCMT ref: 004ED22B
                                                                              • ResumeThread.KERNEL32(00000000), ref: 004ED249
                                                                              Similarity
                                                                              • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                              • String ID:
                                                                              • API String ID: 173952441-0
                                                                              • Opcode ID: f71e193e5d614271c4a740be9ede50d9abad6050434cedd5c6de66993be286b5
                                                                              • Instruction ID: 788c615ce9269770f3ef4165b32414c1a532a3ff95f2c51bb2fa3d1c3f1970c1
                                                                              • Opcode Fuzzy Hash: f71e193e5d614271c4a740be9ede50d9abad6050434cedd5c6de66993be286b5
                                                                              • Instruction Fuzzy Hash: 4E012636C05248BFC7105BA7DC05BAF7A69DF81337F10425AFA24921D0CF758805D6A5
                                                                              APIs
                                                                                • Part of subcall function 004D9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 004D9BB2
                                                                              • GetClientRect.USER32(?,?), ref: 00559F31
                                                                              • GetCursorPos.USER32(?), ref: 00559F3B
                                                                              • ScreenToClient.USER32(?,?), ref: 00559F46
                                                                              • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00559F7A
                                                                              Similarity
                                                                              • API ID: Client$CursorLongProcRectScreenWindow
                                                                              • String ID:
                                                                              • API String ID: 4127811313-0
                                                                              • Opcode ID: 5ce7781fc6773f0641ee064ba9345a10cf823bd9dfc960295726648b86cef840
                                                                              • Instruction ID: fa78d9f5cf7fa623924b980b864c3b42b09cee08bbca802f92b976f7938fd991
                                                                              • Opcode Fuzzy Hash: 5ce7781fc6773f0641ee064ba9345a10cf823bd9dfc960295726648b86cef840
                                                                              • Instruction Fuzzy Hash: 8A11483290021AEFDB01DFA9D8A99EE7BB8FF45312F000456F901E3150D334BA89DBA1
                                                                              APIs
                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004C604C
                                                                              • GetStockObject.GDI32(00000011), ref: 004C6060
                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 004C606A
                                                                              Similarity
                                                                              • API ID: CreateMessageObjectSendStockWindow
                                                                              • String ID:
                                                                              • API String ID: 3970641297-0
                                                                              • Opcode ID: 662daab85d8aea5425ce1652835b1141460036bb5a976f90e80ec9385cf22e1b
                                                                              • Instruction ID: 8a8b56c0699d2d567c16cd18d45dfcddb3021e3fbb9b94fdb4aab8303ff5ac23
                                                                              • Opcode Fuzzy Hash: 662daab85d8aea5425ce1652835b1141460036bb5a976f90e80ec9385cf22e1b
                                                                              • Instruction Fuzzy Hash: 98118E72501609BFEF528FA58C54FEB7F69EF18355F02411AFA0562110C7369C60EB94
                                                                              APIs
                                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 004E3B56
                                                                                • Part of subcall function 004E3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 004E3AD2
                                                                                • Part of subcall function 004E3AA3: ___AdjustPointer.LIBCMT ref: 004E3AED
                                                                              • _UnwindNestedFrames.LIBCMT ref: 004E3B6B
                                                                              • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 004E3B7C
                                                                              • CallCatchBlock.LIBVCRUNTIME ref: 004E3BA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                              • String ID:
                                                                              • API String ID: 737400349-0
                                                                              • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                              • Instruction ID: eb229d940cf58706302e65172f98f392561facc96488f318fdf5e6112256f29b
                                                                              • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                              • Instruction Fuzzy Hash: F2016D32100189BBCF126E97CC46DEB3B69EF8875AF04405AFE4856121C33AE961DBA4
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,004C13C6,00000000,00000000,?,004F301A,004C13C6,00000000,00000000,00000000,?,004F328B,00000006,FlsSetValue), ref: 004F30A5
                                                                              • GetLastError.KERNEL32(?,004F301A,004C13C6,00000000,00000000,00000000,?,004F328B,00000006,FlsSetValue,00562290,FlsSetValue,00000000,00000364,?,004F2E46), ref: 004F30B1
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004F301A,004C13C6,00000000,00000000,00000000,?,004F328B,00000006,FlsSetValue,00562290,FlsSetValue,00000000), ref: 004F30BF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 3177248105-0
                                                                              • Opcode ID: 268240a980e936faf8807ff459770ec4d764a0e390455d5d6224229a61f1e7d5
                                                                              • Instruction ID: 7dfdfe5770ad7ac8e5fa1d59a58cee723301799400da2ee8215bdf0bc1d5b35f
                                                                              • Opcode Fuzzy Hash: 268240a980e936faf8807ff459770ec4d764a0e390455d5d6224229a61f1e7d5
                                                                              • Instruction Fuzzy Hash: 9C01D43630272AAFCB214E799C449777B98AF15BA3B110623FA05E7344CF25D945C6E4
                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0052747F
                                                                              • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00527497
                                                                              • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 005274AC
                                                                              • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 005274CA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Type$Register$FileLoadModuleNameUser
                                                                              • String ID:
                                                                              • API String ID: 1352324309-0
                                                                              • Opcode ID: 812a86a83ce72a6c21e0f3e6222d3da95b359d555884b92666951b48482b882d
                                                                              • Instruction ID: 3084f6112f25a6f090c9135d9db048a2164936ecada972c6ae35b233d58b1399
                                                                              • Opcode Fuzzy Hash: 812a86a83ce72a6c21e0f3e6222d3da95b359d555884b92666951b48482b882d
                                                                              • Instruction Fuzzy Hash: DC117CB12053289FEB20DF14EC08F927FB8FF09B00F108569A626D6191D770E908EB91
                                                                              APIs
                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0052ACD3,?,00008000), ref: 0052B0C4
                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0052ACD3,?,00008000), ref: 0052B0E9
                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0052ACD3,?,00008000), ref: 0052B0F3
                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0052ACD3,?,00008000), ref: 0052B126
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CounterPerformanceQuerySleep
                                                                              • String ID:
                                                                              • API String ID: 2875609808-0
                                                                              • Opcode ID: 8bc0d8d51d405a3db42420a79dbff7f26ada85eb18a6d2b7ab1b23d23a5906f6
                                                                              • Instruction ID: 9ae1b8e9a89162c2a00ed2566286090372082de2a89f31a98cd41fa111372008
                                                                              • Opcode Fuzzy Hash: 8bc0d8d51d405a3db42420a79dbff7f26ada85eb18a6d2b7ab1b23d23a5906f6
                                                                              • Instruction Fuzzy Hash: E5113931C01A39EBDF00AFA5E9686EEBF78FF5A711F104486D941B2281CB305664DB51
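The QueryPerformanceCounter / Sleep / QueryPerformanceCounter chain above is the pattern behind the "execution timing, often used to detect debuggers" signature: a sample times its own Sleep and treats a delay that was not honoured as evidence of a sandbox that patches Sleep to accelerate execution. The same pair of calls is also what any high-resolution timer loop uses, so the chain on its own is weak evidence. The following is an added example, not code from the sample or from Joe Sandbox, that shows the check itself: a portable decision function fed with the two counter samples, the counter frequency and the requested delay, plus a Windows-only wrapper that performs the live measurement. The constructed counter values in main() assume a 10 MHz performance counter; the 50 ms tolerance is an arbitrary choice for the example.

```c
/* Added example (not from the report): timing-based sleep-skip check.
 * Portable core + Windows-only wrapper around the actual API sequence. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Convert a counter delta into milliseconds using the counter frequency
 * (QueryPerformanceFrequency on Windows; 10 MHz is typical on current
 * builds, but never hard-code it in real code). */
double elapsed_ms(int64_t before, int64_t after, int64_t freq_hz)
{
    return (double)(after - before) * 1000.0 / (double)freq_hz;
}

/* The actual decision: the wait counts as skipped when the measured delay
 * falls short of the requested one by more than tolerance_ms. A sandbox
 * that hooks Sleep() to return immediately, but leaves the performance
 * counter alone, produces a delta of a few microseconds here. */
bool sleep_was_skipped(int64_t before, int64_t after, int64_t freq_hz,
                       uint32_t requested_ms, uint32_t tolerance_ms)
{
    double ms = elapsed_ms(before, after, freq_hz);
    return ms + (double)tolerance_ms < (double)requested_ms;
}

#ifdef _WIN32
/* Live measurement: the same call sequence the report lists for this
 * function, with the frequency looked up instead of assumed. */
bool live_sleep_check(uint32_t requested_ms, uint32_t tolerance_ms)
{
    LARGE_INTEGER freq, t0, t1;
    QueryPerformanceFrequency(&freq);
    QueryPerformanceCounter(&t0);
    Sleep(requested_ms);
    QueryPerformanceCounter(&t1);
    return sleep_was_skipped(t0.QuadPart, t1.QuadPart, freq.QuadPart,
                             requested_ms, tolerance_ms);
}
#endif

int main(void)
{
    /* Constructed samples for a 10 MHz counter (assumption for the demo). */
    const int64_t freq = 10000000;
    const uint32_t requested = 1000;   /* Sleep(1000) */

    /* Honest run: counter advanced by 1000 ms worth of ticks. */
    bool honest = sleep_was_skipped(0, 10000000, freq, requested, 50);
    /* Patched run: counter advanced by only 5 ms. */
    bool patched = sleep_was_skipped(0, 50000, freq, requested, 50);

    printf("honest sleep flagged:  %s\n", honest ? "yes" : "no");
    printf("patched sleep flagged: %s\n", patched ? "yes" : "no");
#ifdef _WIN32
    printf("live check flagged:    %s\n",
           live_sleep_check(200, 50) ? "yes" : "no");
#endif
    return 0;
}
```

For the analyst the takeaway is the inverse of the check: if a sandbox shortens Sleep, it has to scale every time source the sample can reach (QueryPerformanceCounter, GetTickCount, RDTSC, the system time) by the same factor, or this comparison exposes the acceleration.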
                                                                              APIs
                                                                              • GetWindowRect.USER32(?,?), ref: 00557E33
                                                                              • ScreenToClient.USER32(?,?), ref: 00557E4B
                                                                              • ScreenToClient.USER32(?,?), ref: 00557E6F
                                                                              • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00557E8A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClientRectScreen$InvalidateWindow
                                                                              • String ID:
                                                                              • API String ID: 357397906-0
                                                                              • Opcode ID: 712629204d8b7468c9497826376106a4278d515332bf09ba27ad731adb627759
                                                                              • Instruction ID: 0e3d92c7ad15a7fd17566544506f88abcfea1a74ef4e24050073190df1bb329a
                                                                              • Opcode Fuzzy Hash: 712629204d8b7468c9497826376106a4278d515332bf09ba27ad731adb627759
                                                                              • Instruction Fuzzy Hash: AD1143B9D0020AAFDB41CFA8D8849EEBBF9FB18311F505056E915E2610D735AA54DF90
                                                                              APIs
                                                                              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00522DC5
                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 00522DD6
                                                                              • GetCurrentThreadId.KERNEL32 ref: 00522DDD
                                                                              • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00522DE4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                              • String ID:
                                                                              • API String ID: 2710830443-0
                                                                              • Opcode ID: 127151ebf9a03b02b902e9ba8362e2bfc2bc9d0a5c6bfddb78559b4afbfe2701
                                                                              • Instruction ID: 594bdb18b9f50b321d6d264fe8d2c919d54f0ab6e5979ab42b86aa8093e10c5d
                                                                              • Opcode Fuzzy Hash: 127151ebf9a03b02b902e9ba8362e2bfc2bc9d0a5c6bfddb78559b4afbfe2701
                                                                              • Instruction Fuzzy Hash: CEE06DB21013347BD7201B76AC1DEEB3E6CFF63BA2F000015B105D10809AA48945D6B0
                                                                              APIs
                                                                                • Part of subcall function 004D9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 004D9693
                                                                                • Part of subcall function 004D9639: SelectObject.GDI32(?,00000000), ref: 004D96A2
                                                                                • Part of subcall function 004D9639: BeginPath.GDI32(?), ref: 004D96B9
                                                                                • Part of subcall function 004D9639: SelectObject.GDI32(?,00000000), ref: 004D96E2
                                                                              • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00558887
                                                                              • LineTo.GDI32(?,?,?), ref: 00558894
                                                                              • EndPath.GDI32(?), ref: 005588A4
                                                                              • StrokePath.GDI32(?), ref: 005588B2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                              • String ID:
                                                                              • API String ID: 1539411459-0
                                                                              • Opcode ID: 4d8589527f0d04464206b8bbf437fb0c63b8fae1fa97d036efae49188a92f20d
                                                                              • Instruction ID: 23627bbb5e5651769fba4ab1c49f4b87e51cc7caea076712f8c97ff6b4e8a8f0
                                                                              • Opcode Fuzzy Hash: 4d8589527f0d04464206b8bbf437fb0c63b8fae1fa97d036efae49188a92f20d
                                                                              • Instruction Fuzzy Hash: F6F0BE36001729FADB122F94AC1DFCE3F59AF26312F048002FA11610E1C7755519EFE9
                                                                              APIs
                                                                              • GetSysColor.USER32(00000008), ref: 004D98CC
                                                                              • SetTextColor.GDI32(?,?), ref: 004D98D6
                                                                              • SetBkMode.GDI32(?,00000001), ref: 004D98E9
                                                                              • GetStockObject.GDI32(00000005), ref: 004D98F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Color$ModeObjectStockText
                                                                              • String ID:
                                                                              • API String ID: 4037423528-0
                                                                              • Opcode ID: 8000dabcd23aa7efd2386803a0c1bf7d4d6ab540d639a5124ac886e79922d16d
                                                                              • Instruction ID: 40c29d6bdaf1cbfeebfe392dffbbd2f64268f4df018b5071e33063ef639e615f
                                                                              • Opcode Fuzzy Hash: 8000dabcd23aa7efd2386803a0c1bf7d4d6ab540d639a5124ac886e79922d16d
                                                                              • Instruction Fuzzy Hash: 1FE06531244744AEEB215B78AC29BD93F21AB26336F04821AF6FA541E1C7714644EB10
                                                                              APIs
                                                                              • GetCurrentThread.KERNEL32 ref: 00521634
                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,005211D9), ref: 0052163B
                                                                              • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,005211D9), ref: 00521648
                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,005211D9), ref: 0052164F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentOpenProcessThreadToken
                                                                              • String ID:
                                                                              • API String ID: 3974789173-0
                                                                              • Opcode ID: 8c3599be55e821c0d999a179bd30ea8d386b52c7361ec8bb8cf25d00d3878627
                                                                              • Instruction ID: f5723fb1c4577893bbd72e7bf2a675893446075ad6c7a93dca73d0c3e54ce8ae
                                                                              • Opcode Fuzzy Hash: 8c3599be55e821c0d999a179bd30ea8d386b52c7361ec8bb8cf25d00d3878627
                                                                              • Instruction Fuzzy Hash: 55E04F71602321AFD7201BA0AD1DB4B3F68AF65B92F144808F245C90D0D6245448D754
                                                                              APIs
                                                                              • GetDesktopWindow.USER32 ref: 0051D858
                                                                              • GetDC.USER32(00000000), ref: 0051D862
                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0051D882
                                                                              • ReleaseDC.USER32(?), ref: 0051D8A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                              • String ID:
                                                                              • API String ID: 2889604237-0
                                                                              • Opcode ID: c91f19f6b82f94eeca242cb7b99a808de9b6756b15a5fbf07495334dac67e71d
                                                                              • Instruction ID: a93e5d8e79cf875e15e932eb8181f6ac6ebbb856660b59fbb5948c5175e6ed64
                                                                              • Opcode Fuzzy Hash: c91f19f6b82f94eeca242cb7b99a808de9b6756b15a5fbf07495334dac67e71d
                                                                              • Instruction Fuzzy Hash: 30E01AB4800304EFCF41AFA4D81CA6DBFB1FB18312F10841AE80AE7290C7384A46EF50
                                                                              APIs
                                                                              • GetDesktopWindow.USER32 ref: 0051D86C
                                                                              • GetDC.USER32(00000000), ref: 0051D876
                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0051D882
                                                                              • ReleaseDC.USER32(?), ref: 0051D8A3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                              • String ID:
                                                                              • API String ID: 2889604237-0
                                                                              • Opcode ID: 374ed9351ae690defaa826f6ff4dbb3536dfb83d5f7c61a22cc4b2995c760612
                                                                              • Instruction ID: 8cd8bbd594d88fd4d06c34fca9e6881c6670430847844d8782025fc6aced9965
                                                                              • Opcode Fuzzy Hash: 374ed9351ae690defaa826f6ff4dbb3536dfb83d5f7c61a22cc4b2995c760612
                                                                              • Instruction Fuzzy Hash: 37E01A74C00300DFCF419FA4D81C66DBFB1FB18312B108009E80AE7250C7385A06EF40
                                                                              APIs
                                                                                • Part of subcall function 004C7620: _wcslen.LIBCMT ref: 004C7625
                                                                              • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00534ED4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Connection_wcslen
                                                                              • String ID: *$LPT
                                                                              • API String ID: 1725874428-3443410124
                                                                              • Opcode ID: f731330f5ce62b35400312ead91ceb10fe2a5689b711aed7da340959ba6f3d19
                                                                              • Instruction ID: 8f31bb4f284be12f00e246ad48feb3f25e36db1bbbb6b6499268929368a7999b
                                                                              • Opcode Fuzzy Hash: f731330f5ce62b35400312ead91ceb10fe2a5689b711aed7da340959ba6f3d19
                                                                              • Instruction Fuzzy Hash: 10913C79A002449FCB14DF59C484EAABBF5BF44308F19809DE80A9B762D735EE85CF91
                                                                              APIs
                                                                              • __startOneArgErrorHandling.LIBCMT ref: 004EE30D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorHandling__start
                                                                              • String ID: pow
                                                                              • API String ID: 3213639722-2276729525
                                                                              • Opcode ID: e0190e3bc27e6762609cdcc53f13e763cd9927c73ac3a7d086dfff199038f93c
                                                                              • Instruction ID: edbeba32debc52702e64125695bd33b566b51a94a3b09007fef0558c651552e3
                                                                              • Opcode Fuzzy Hash: e0190e3bc27e6762609cdcc53f13e763cd9927c73ac3a7d086dfff199038f93c
                                                                              • Instruction Fuzzy Hash: 14519D61A0C54A96CB117B1BCD4137B3B94EB10742F30899BE5D1433E9EB3D8C869A4E
                                                                              APIs
                                                                              • CharUpperBuffW.USER32(0051569E,00000000,?,0055CC08,?,00000000,00000000), ref: 005478DD
                                                                                • Part of subcall function 004C6B57: _wcslen.LIBCMT ref: 004C6B6A
                                                                              • CharUpperBuffW.USER32(0051569E,00000000,?,0055CC08,00000000,?,00000000,00000000), ref: 0054783B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: BuffCharUpper$_wcslen
                                                                              • String ID: <sX
                                                                              • API String ID: 3544283678-3012703765
                                                                              • Opcode ID: d171d65a77200eee76f0d95428a600936f2fdf914978b4d8dc9c5dca2f3b3748
                                                                              • Instruction ID: 09af070a1fc9b33cfe1d3748ccd741568cc921058d50492230488b7cb4244eed
                                                                              • Opcode Fuzzy Hash: d171d65a77200eee76f0d95428a600936f2fdf914978b4d8dc9c5dca2f3b3748
                                                                              • Instruction Fuzzy Hash: B9613D7A91411CAACF44EBA5CC91EFDBB74BF18708B44452EE542B3091EF385A09DBA4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #
                                                                              • API String ID: 0-1885708031
                                                                              • Opcode ID: 3fe45b02e1cd33b02fe9da057c46e0ce4a5177083d3fe8f45752b6f60d80f14c
                                                                              • Instruction ID: c403fdf148dda0d4d14e40a62d207754a51c2b0c00b0db6c9d4b20f758c9f4cf
                                                                              • Opcode Fuzzy Hash: 3fe45b02e1cd33b02fe9da057c46e0ce4a5177083d3fe8f45752b6f60d80f14c
                                                                              • Instruction Fuzzy Hash: 0D510235900286DFEB15EF29D492AFA7FA4FF55310F24405AEC919B2D0D6389D83CBA4
                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000), ref: 004DF2A2
                                                                              • GlobalMemoryStatusEx.KERNEL32(?), ref: 004DF2BB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: GlobalMemorySleepStatus
                                                                              • String ID: @
                                                                              • API String ID: 2783356886-2766056989
                                                                              • Opcode ID: 5b2960130563d54f1251c634619439adad0583dd5c5de92136c4a8bb348092fb
                                                                              • Instruction ID: e7903c3aabb716c262dba697b3f57f523a23cbfd04f138cd6235676dcd301342
                                                                              • Opcode Fuzzy Hash: 5b2960130563d54f1251c634619439adad0583dd5c5de92136c4a8bb348092fb
                                                                              • Instruction Fuzzy Hash: 765168714087449BD320AF11EC86BABBBF8FB94304F81885EF1D941195EB348569CB6A
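The two functions listed above at 0051D86C (GetDesktopWindow / GetDC / GetDeviceCaps with index 0000000C, which is BITSPIXEL, / ReleaseDC) and 004DF2A2 (Sleep followed by GlobalMemoryStatusEx) are the kind of API chains the "Found API chain indicative of sandbox detection" signature in the report header is built from: a screen colour-depth query and a delay followed by a physical-memory query are classic checks for a headless or low-RAM analysis VM. The script below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses "APIs" listings in exactly the shape printed here (the sample text is constructed from the lines above, including a "Part of subcall" annotation that must be skipped) and flags the two patterns. The rule names and the choice of the first call's address as the function label are mine. Caveat for triage: the header also rates this binary as a compiled AutoIt script, and an AutoIt interpreter carries such wrappers as part of its runtime, so a hit in these listings alone does not prove the embedded script performs the check; confirm against the decompiled script.

```python
"""Scan Joe Sandbox-style 'APIs' listings for two sandbox-detection heuristics."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: three blocks copied in shape from this report's listings.
SAMPLE = """\
APIs
• Sleep.KERNEL32(00000000), ref: 004DF2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 004DF2BB
Strings
Memory Dump Source
APIs
• GetDesktopWindow.USER32 ref: 0051D86C
• GetDC.USER32(00000000), ref: 0051D876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0051D882
• ReleaseDC.USER32(?), ref: 0051D8A3
Memory Dump Source
APIs
  • Part of subcall function 004C7620: _wcslen.LIBCMT ref: 004C7625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00534ED4
Strings
"""

# One call line: "• Name.MODULE(arg,arg), ref: ADDR" or "• Name.MODULE ref: ADDR".
CALL_RE = re.compile(
    r"^•\s*(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

BITSPIXEL = 0x0C  # GetDeviceCaps() index for colour depth (wingdi.h)

Call = Tuple[str, str, List[str], int]  # (name, module, args, ref address)


def _hex(token: str) -> Optional[int]:
    """Parse an IDA argument token; '?' and other unknowns give None."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def parse_api_blocks(text: str) -> List[List[Call]]:
    """Return one call list per 'APIs' block; a block ends at 'Strings' or 'Memory Dump Source'."""
    blocks: List[List[Call]] = []
    current: Optional[List[Call]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            blocks.append(current)
            continue
        if current is None:
            continue
        if line in ("Strings", "Memory Dump Source"):
            current = None
            continue
        m = CALL_RE.match(line)
        if not m:  # 'Part of subcall ...' annotations and anything else are skipped
            continue
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        current.append((m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
    return blocks


def find_sandbox_heuristics(text: str) -> List[Dict[str, str]]:
    """Flag functions matching the two heuristics; 'function' is the first call's address."""
    findings: List[Dict[str, str]] = []
    for calls in parse_api_blocks(text):
        if not calls:
            continue
        calls = sorted(calls, key=lambda c: c[3])  # order by reference address
        func = f"{calls[0][3]:08X}"
        names = [c[0] for c in calls]
        # Heuristic 1: a Sleep() followed by a physical-memory query in the same function.
        if ("Sleep" in names and "GlobalMemoryStatusEx" in names
                and names.index("Sleep") < names.index("GlobalMemoryStatusEx")):
            findings.append({"rule": "sleep_then_memory_status", "function": func})
        # Heuristic 2: GetDeviceCaps(hdc, BITSPIXEL), i.e. a screen colour-depth query.
        for name, _module, args, _ref in calls:
            if name == "GetDeviceCaps" and len(args) >= 2 and _hex(args[1]) == BITSPIXEL:
                findings.append({"rule": "screen_bits_per_pixel_check", "function": func})
    return findings


if __name__ == "__main__":
    for f in find_sandbox_heuristics(SAMPLE):
        print(f"{f['rule']:30} at {f['function']}")
```

Paste a report's "APIs" blocks into SAMPLE (or feed them through find_sandbox_heuristics) to get one finding per matching function; the GetDeviceCaps rule keys on the index argument rather than on the call name because the same function is also used for harmless DPI and resolution queries.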
                                                                              APIs
                                                                              • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 005457E0
                                                                              • _wcslen.LIBCMT ref: 005457EC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: BuffCharUpper_wcslen
                                                                              • String ID: CALLARGARRAY
                                                                              • API String ID: 157775604-1150593374
                                                                              • Opcode ID: 6be402b90ab224667553f757b07a7e2a6cce9d2fbd6df3574ec58ff87d6fc7c8
                                                                              • Instruction ID: 0b2d6eca1721254bcd55c216f4786818ee47720459016134add15f3b1c9022c2
                                                                              • Opcode Fuzzy Hash: 6be402b90ab224667553f757b07a7e2a6cce9d2fbd6df3574ec58ff87d6fc7c8
                                                                              • Instruction Fuzzy Hash: 7C419231A002099FCB14EFA9C8959EEBFF5FF59358F20406EE405A7252EB349D41CB90
                                                                              APIs
                                                                              • _wcslen.LIBCMT ref: 0053D130
                                                                              • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0053D13A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CrackInternet_wcslen
                                                                              • String ID: |
                                                                              • API String ID: 596671847-2343686810
                                                                              • Opcode ID: c91ca28b9743a81a269195f35cb56efe2d7283120f08347c44ca73b9149cab0a
                                                                              • Instruction ID: 4242f7fbfb806a5341cac0f3a6dec6d9238fe1922bf73760ce9f89dafd18131e
                                                                              • Opcode Fuzzy Hash: c91ca28b9743a81a269195f35cb56efe2d7283120f08347c44ca73b9149cab0a
                                                                              • Instruction Fuzzy Hash: B6312775D00209ABCF55EFA5DC85EEEBFB9FF04304F00401EE815A6162E735AA16CB64
                                                                              APIs
                                                                              • DestroyWindow.USER32(?,?,?,?), ref: 00553621
                                                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0055365C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$DestroyMove
                                                                              • String ID: static
                                                                              • API String ID: 2139405536-2160076837
                                                                              • Opcode ID: a975907e5b1033876f91d2e08b180dbf6911002b4f901e8950a8ad354dcff2fc
                                                                              • Instruction ID: 1b4cfb7907068a1d652703b404f451fb61fa92acfe05f932b3235055ee139ff0
                                                                              • Opcode Fuzzy Hash: a975907e5b1033876f91d2e08b180dbf6911002b4f901e8950a8ad354dcff2fc
                                                                              • Instruction Fuzzy Hash: 7031AF71100604AEDB109F68DC90FBB7BA9FF88765F00961EFCA997280DA30AD85D760
                                                                              APIs
                                                                              • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0055461F
                                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00554634
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: '
                                                                              • API String ID: 3850602802-1997036262
                                                                              • Opcode ID: faf3379d57977aaef3ce0bb7cbc06ec7275626915195b68a4a91bc942656aec8
                                                                              • Instruction ID: 5e679049c6224a63b994e117061390db86fe92a3768702210305886aa5e3a585
                                                                              • Opcode Fuzzy Hash: faf3379d57977aaef3ce0bb7cbc06ec7275626915195b68a4a91bc942656aec8
                                                                              • Instruction Fuzzy Hash: D7313974A0130A9FDB14CF69C9A0BDA7BB5FF09305F10406AED05AB341E770A985DF90
                                                                              APIs
                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0055327C
                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00553287
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID: Combobox
                                                                              • API String ID: 3850602802-2096851135
                                                                              • Opcode ID: 06e5fe51353b71e20533e767aa41b3cf5f60b081fb602c44eb7414927e826100
                                                                              • Instruction ID: fa0fa737fd3650371bc024970f66d527f258052f15031776886d2f21cdfce025
                                                                              • Opcode Fuzzy Hash: 06e5fe51353b71e20533e767aa41b3cf5f60b081fb602c44eb7414927e826100
                                                                              • Instruction Fuzzy Hash: 1511EF753006087FEF219E94DCA0EBB3F6AFB983A5F10412AFD18AB290D6319D559760
                                                                              APIs
                                                                                • Part of subcall function 004C600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004C604C
                                                                                • Part of subcall function 004C600E: GetStockObject.GDI32(00000011), ref: 004C6060
                                                                                • Part of subcall function 004C600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004C606A
                                                                              • GetWindowRect.USER32(00000000,?), ref: 0055377A
                                                                              • GetSysColor.USER32(00000012), ref: 00553794
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                              • String ID: static
                                                                              • API String ID: 1983116058-2160076837
                                                                              • Opcode ID: bb492a88a91e3497d6db478acaef2eb1db7fbecaa8a68bdfb982d0e9b774161f
                                                                              • Instruction ID: ed86d35d3384e9f49401f3994466e5a1e6e44c905663771e0cf983e9ff98d152
                                                                              • Opcode Fuzzy Hash: bb492a88a91e3497d6db478acaef2eb1db7fbecaa8a68bdfb982d0e9b774161f
                                                                              • Instruction Fuzzy Hash: AE1159B2A1020AAFDB00DFA8CC45EEA7BB8FB08355F004915FD55E2250E734E955DB50
                                                                              APIs
                                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0053CD7D
                                                                              • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0053CDA6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Internet$OpenOption
                                                                              • String ID: <local>
                                                                              • API String ID: 942729171-4266983199
                                                                              • Opcode ID: b6eb7c4e1b6cb2ffe8b5ab5548dd6db5cc452f851b1b1d75881c412d26aa6789
                                                                              • Instruction ID: ab4481b86d44667364a3eaea27680a40e2e9eee377b630fb0c7ace0681677f93
                                                                              • Opcode Fuzzy Hash: b6eb7c4e1b6cb2ffe8b5ab5548dd6db5cc452f851b1b1d75881c412d26aa6789
                                                                              • Instruction Fuzzy Hash: 7A11C275215671BAD7384B668C49EE7BFACFF227A4F004A2AB109E7180D7709844D7F0
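The `APIs` entries in every block above share one notation, `Function.MODULE(hex arguments), ref: address`, optionally prefixed with `Part of subcall function ADDR:`, and they leave window messages, WinINet options and creation flags as raw numbers. The script below is an added example, not part of the Joe Sandbox report, that parses that notation and decodes the constants seen in this listing (0x14E, 0x30, 0xB1, 0x180, 0x182, 0x18B, 0x1A2 as window messages; option 0x32 for `InternetSetOptionW`; creation flag 0x20 for `CreateProcessW`). The constant tables are taken from winuser.h, wininet.h and winbase.h and are my own addition; the sample lines are copied from the report blocks above. It goes slightly beyond the listing by decoding bit-flag combinations, so a `CreateProcessW` with `CREATE_SUSPENDED` set (the "suspended mode" signature in the overview) is reported by name.

```python
"""Decode the 'APIs' lines of a Joe Sandbox function listing.

Added example, not report output. Constant names come from winuser.h,
wininet.h and winbase.h; the REPORT_LINES below are copied from the
listing and are the only input this script needs.
"""
import re
from typing import Optional

# Well-known Win32 constants (my tables, limited to what this report shows).
WINDOW_MESSAGES = {
    0x0030: "WM_SETFONT",
    0x00B1: "EM_SETSEL",
    0x014E: "CB_SETCURSEL",
    0x0180: "LB_ADDSTRING",
    0x0182: "LB_DELETESTRING",
    0x018B: "LB_GETCOUNT",
    0x01A2: "LB_FINDSTRINGEXACT",
}
INTERNET_OPTIONS = {0x32: "INTERNET_OPTION_CONNECTED_STATE"}  # 8-byte INTERNET_CONNECTED_STATE_INFO
STOCK_OBJECTS = {0x11: "DEFAULT_GUI_FONT"}
PROCESS_CREATION_FLAGS = {
    0x00000004: "CREATE_SUSPENDED",
    0x00000010: "CREATE_NEW_CONSOLE",
    0x00000020: "NORMAL_PRIORITY_CLASS",
    0x08000000: "CREATE_NO_WINDOW",
}

# "Func.MODULE(args), ref: ADDR" or "Func.MODULE ref: ADDR" (no argument list),
# optionally preceded by a bullet and "Part of subcall function ADDR:".
_CALL_RE = re.compile(
    r"^(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_line(line: str) -> Optional[dict]:
    """Return the call as a dict, or None when the line is not an API entry."""
    m = _CALL_RE.match(line.strip())
    if not m:
        return None
    raw_args = m.group("args")
    args = [] if raw_args is None else [a.strip() for a in raw_args.split(",")]
    return {
        "function": m.group("func"),
        "module": m.group("mod"),
        "args": args,                      # hex strings, or "?" when unresolved
        "ref": int(m.group("ref"), 16),
        "subcall_of": int(m.group("sub"), 16) if m.group("sub") else None,
    }


def _hex_arg(args, index):
    """args[index] as int, or None when it is '?' (unresolved) or absent."""
    if index >= len(args) or args[index] == "?":
        return None
    return int(args[index], 16)


def _decode_flags(value: int, table: dict) -> str:
    """Name every known bit in value; leftover bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:X}")
    return "|".join(names) if names else "0"


def decode_call(call: dict) -> str:
    """Render one parsed call, decoding the argument that carries a constant."""
    func, args = call["function"], call["args"]
    note = ""
    if func.startswith(("SendMessage", "PostMessage")):
        msg = _hex_arg(args, 1)                 # uMsg
        if msg is not None:
            note = WINDOW_MESSAGES.get(msg, f"msg 0x{msg:04X}")
    elif func.startswith(("InternetSetOption", "InternetQueryOption")):
        opt = _hex_arg(args, 1)                 # dwOption
        if opt is not None:
            note = INTERNET_OPTIONS.get(opt, f"option {opt}")
    elif func == "GetStockObject":
        obj = _hex_arg(args, 0)
        if obj is not None:
            note = STOCK_OBJECTS.get(obj, f"stock object {obj}")
    elif func.startswith("CreateProcess"):
        flags = _hex_arg(args, 5)               # dwCreationFlags
        if flags is not None:
            note = _decode_flags(flags, PROCESS_CREATION_FLAGS)
    text = f"{call['ref']:08X}  {call['module']}!{func}"
    if call["subcall_of"] is not None:
        text += f"  (via subcall {call['subcall_of']:08X})"
    return text + (f"  [{note}]" if note else "")


def decode_report(lines):
    """Decode every API entry in lines; non-API lines are skipped."""
    return [decode_call(c) for c in map(parse_api_line, lines) if c is not None]


# Sample input copied from the report blocks above.
REPORT_LINES = [
    "• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00553287",
    "• Part of subcall function 004C600E: GetStockObject.GDI32(00000011), ref: 004C6060",
    "• Part of subcall function 004C600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 004C606A",
    "• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0053CDA6",
    "• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005534BA",
    "• _wcslen.LIBCMT ref: 004C9CBD",
    "• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00593018,0059305C), ref: 005581BF",
    "• CloseHandle.KERNEL32 ref: 005581D1",
    "Strings",  # section header, not an API entry
]

if __name__ == "__main__":
    print("\n".join(decode_report(REPORT_LINES)))
```

Run against the full report text, the output turns `InternetSetOptionW(...,00000032,?,00000008)` into `INTERNET_OPTION_CONNECTED_STATE` with its 8-byte `INTERNET_CONNECTED_STATE_INFO`, and the `CB_SETCURSEL`/`EM_SETSEL`/`LB_*` messages next to the `Combobox`, `edit` and `ListBox` class strings, which is the AutoIt GUI runtime behaviour these blocks describe rather than anything network- or injection-related; the `CreateProcessW` at 005581BF carries only `NORMAL_PRIORITY_CLASS`, so the suspended-process creation flagged in the overview must come from a different call site.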
                                                                              APIs
                                                                              • GetWindowTextLengthW.USER32(00000000), ref: 005534AB
                                                                              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005534BA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: LengthMessageSendTextWindow
                                                                              • String ID: edit
                                                                              • API String ID: 2978978980-2167791130
                                                                              • Opcode ID: 62a5aa97327c0fd315dab7728bea776c54d2083cddedef40323cda02ce35bc36
                                                                              • Instruction ID: 2d355ecc8d0d92e2dcc160df8fb0bd9d21534db0cfbf5ad37f0fdc6f77563bcc
                                                                              • Opcode Fuzzy Hash: 62a5aa97327c0fd315dab7728bea776c54d2083cddedef40323cda02ce35bc36
                                                                              • Instruction Fuzzy Hash: 0F118B71100208AFEF118E649C68AAA3F6AFB143B9F504726FD69971D0C731DC99A750
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              • CharUpperBuffW.USER32(?,?,?), ref: 00526CB6
                                                                              • _wcslen.LIBCMT ref: 00526CC2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: _wcslen$BuffCharUpper
                                                                              • String ID: STOP
                                                                              • API String ID: 1256254125-2411985666
                                                                              • Opcode ID: 9beb1b71f2ed5c6eea173619c9c2c98c54df5a7a8eaeeeecfd5ce02a17349862
                                                                              • Instruction ID: cedbe2268436728e21e34fbb2abc87afa68bc94a4e3d19bb185f7c879e9bb1fe
                                                                              • Opcode Fuzzy Hash: 9beb1b71f2ed5c6eea173619c9c2c98c54df5a7a8eaeeeecfd5ce02a17349862
                                                                              • Instruction Fuzzy Hash: CF01C83261053B8BCB20AFBDEC419BF7BA5FF627147500929E852A71D1EB35DD00C650
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 00523CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00523CCA
                                                                              • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00521D4C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 624084870-1403004172
                                                                              • Opcode ID: 9d7f5dcd705b12d359af805fa66a95dc4bfd070059d72e283665c1f3c2347f7a
                                                                              • Instruction ID: 4c238cf3b25c4b72749355300ba1361c2cd3a71cfed5dd019beec2f5d5874473
                                                                              • Opcode Fuzzy Hash: 9d7f5dcd705b12d359af805fa66a95dc4bfd070059d72e283665c1f3c2347f7a
                                                                              • Instruction Fuzzy Hash: 7101B575611624ABCB04FBA4EC55DFF7B68FF67350B04091EA832672C1EA345D088764
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 00523CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00523CCA
                                                                              • SendMessageW.USER32(?,00000180,00000000,?), ref: 00521C46
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 624084870-1403004172
                                                                              • Opcode ID: f7642b3a5d12cf0e8fcb96754b4bad044dfa6b301efc02a653bb0e3ffa57765a
                                                                              • Instruction ID: 8b18a5152f2cb067fda18dadb66263a53d3056833793d0fdab434f4084859670
                                                                              • Opcode Fuzzy Hash: f7642b3a5d12cf0e8fcb96754b4bad044dfa6b301efc02a653bb0e3ffa57765a
                                                                              • Instruction Fuzzy Hash: D101A7796811187ACB04FB90D959EFF7BA8AF62340F14001EA816772C1EA249F1887B9
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 00523CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00523CCA
                                                                              • SendMessageW.USER32(?,00000182,?,00000000), ref: 00521CC8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 624084870-1403004172
                                                                              • Opcode ID: f91f57ecde507cfebb19ec9e84d11845de31f7e48feb9f927a630754d71586c6
                                                                              • Instruction ID: fabb02de6b6e6a8e7888b4aa78e5fa4e297aca1388c9326f9341077a986edbd5
                                                                              • Opcode Fuzzy Hash: f91f57ecde507cfebb19ec9e84d11845de31f7e48feb9f927a630754d71586c6
                                                                              • Instruction Fuzzy Hash: 9A01DB7964012477CB04FB95DA16EFF7BA8BF22380F14001EB802772C1EA249F18C679
                                                                              APIs
                                                                              • __Init_thread_footer.LIBCMT ref: 004DA529
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Init_thread_footer_wcslen
                                                                              • String ID: ,%Y$3yQ
                                                                              • API String ID: 2551934079-486503892
                                                                              • Opcode ID: 11fdd7889b2bb3a156dbb2b867a14248c4b4e8af26dd475ee8c473f5270c78b5
                                                                              • Instruction ID: d0a3f651e63998fe5ae6861361a73dd916ad140f83eb3bc5b7ef15323fb2388e
                                                                              • Opcode Fuzzy Hash: 11fdd7889b2bb3a156dbb2b867a14248c4b4e8af26dd475ee8c473f5270c78b5
                                                                              • Instruction Fuzzy Hash: D8012631700610BBCA00F76AE83BF6D37A4AB05715F41006FF5221B3C2EE58AD458A9F
                                                                              APIs
                                                                                • Part of subcall function 004C9CB3: _wcslen.LIBCMT ref: 004C9CBD
                                                                                • Part of subcall function 00523CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00523CCA
                                                                              • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00521DD3
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                              • String ID: ComboBox$ListBox
                                                                              • API String ID: 624084870-1403004172
                                                                              • Opcode ID: 553797e2bf0845fb5f8368e676c9516283fa3807f5011d1137a8e79cb3e5e78c
                                                                              • Instruction ID: 041fb0bee159f8d5faf648fcc84ce51af457db775575f8744495bad4fded3452
                                                                              • Opcode Fuzzy Hash: 553797e2bf0845fb5f8368e676c9516283fa3807f5011d1137a8e79cb3e5e78c
                                                                              • Instruction Fuzzy Hash: 8FF0F975A50624B6C704F7A4DC55FFF7B68BF12384F04091DB822772C1EB745D088268
                                                                              APIs
                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00593018,0059305C), ref: 005581BF
                                                                              • CloseHandle.KERNEL32 ref: 005581D1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2018268574.00000000004C0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.000000000055C000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018335601.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018376194.000000000058C000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.2018391322.0000000000594000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_4c0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCreateHandleProcess
                                                                              • String ID: \0Y
                                                                              • API String ID: 3712363035-1461113189
                                                                              • Opcode ID: 36123150f8d97c0e341b9789cb813aa8a678f2b75dd223ddeb05a44431784cd8
                                                                              • Instruction ID: ed2f462a66b6cec5a342ace785db83d5b95116dd8f38b21bc925d91c1c15df14
                                                                              • Opcode Fuzzy Hash: 36123150f8d97c0e341b9789cb813aa8a678f2b75dd223ddeb05a44431784cd8
                                                                              • Instruction Fuzzy Hash: 88F089B1640704FEE7106762AC5EF773E5CEB14755F010426BF08D51A1D6B98E08A7F8
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: 743f5e0e6b3b52b4240eb050d8824848fbe7250b608f6d31f35cd1c396d73ab2
• Instruction ID: dd0560eb92a9e4a82158027288affda6b8570a00071f59ffb9837bf04d7aa361
• Instruction Fuzzy Hash: B8E02B62204360109631227B9CC59BF5F89EFCD7657101C2FF981D2267EB98CD9193F5
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00520B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: c51f683cd04fafd0350ab7d97e578bcc2ce37fc8b0327ca6e37c8492560c8030
• Instruction ID: 1fcc9a563b5cec63992778d4651143de13cb6551f571e60adb7b67d65efa11ea
• Instruction Fuzzy Hash: 52E0D8312453182ED22036967C13F8D7FC4DF09F56F10042FFB59655C38AD5285446AD
APIs
  • Part of subcall function 004DF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,004E0D71,?,?,?,004C100A), ref: 004DF7CE
• IsDebuggerPresent.KERNEL32(?,?,?,004C100A), ref: 004E0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,004C100A), ref: 004E0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004E0D7F
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: 2355da33c47592f6dbc642bdf446b14f3c1e7b2c790e2a0ae01b6d16f529240f
• Instruction ID: fd7385edddccc9e84ba53ebed7dfe854aecf0b85d8285b5d74f1b00182c88abc
• Instruction Fuzzy Hash: 78E06D742007518FD3709FBAE814B467FE4BB1074AF00892FE892C6651DBF8E4888BA5
APIs
• __Init_thread_footer.LIBCMT ref: 004DE3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%Y$8%Y
• API String ID: 1385522511-2818701029
• Opcode ID: 9c86d7f8aa1d9cb9b1f8ddfbb3bd8cd9047a940762c09a1462ced5809a3eba4e
• Instruction ID: 7f3b14cb09fd299c7ba50ba0dd01f882ead6136bf3ad835608c5dd72181b7588
• Instruction Fuzzy Hash: 28E02631401910EBCA04B71BF874AAC3391FB14324F1301ABE9128F3D19B7C6881A68D
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0053302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00533044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 9018863bf6d40abf0ee268d27aa7189cac40cacaa39bd2a41fa99b75248371e7
• Instruction ID: 0647a19c7b0b420b49f2abb6842f1464a828811a64a0dbd762a13fa7c299f87f
• Instruction Fuzzy Hash: 8BD05B755003146BDB20A7949C4EFC73E6CD704751F0001917695E2091DAB09544CBD0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 1ba5a0b9e80a16cf90173f201083e997bb0b7dde36a8be25a0c64cbed0120f2f
• Instruction ID: ded895d2a8b5a35b091103f5c011e1ccb28da27667f318d338a971bed115a9ec
• Instruction Fuzzy Hash: 36D01269C08218EADF90A6D0CC559F9BB7CFB19301F608853F836A1040D638D588A772
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0055236C
• PostMessageW.USER32(00000000), ref: 00552373
  • Part of subcall function 0052E97B: Sleep.KERNEL32 ref: 0052E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: bf35f40d804dc96cae8da61682f5784768ab8750818270c920376b867f22fc89
• Instruction ID: 7f8d3caf01dd36243ad8552963c71fcc555d9b1be46d7212175df1ea11c3a1e0
• Instruction Fuzzy Hash: 87D0C9723813107AE664B770AC2FFC66E14AB55B11F4049167645EA1D0D9A0A8458A54
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0055232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0055233F
  • Part of subcall function 0052E97B: Sleep.KERNEL32 ref: 0052E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 24319bbcc0964fe6a7ec2065c01f36fa79cfdd9201a68c0978af3e6a931df3b3
• Instruction ID: 234ac360f17520efb1578817b45cdb8ff110d1019a65a8ff849a064d32562186
• Instruction Fuzzy Hash: 04D0C976394310BAE664B770AC2FFC66E14AB51B11F0049167645AA1D0D9A0A8458A54
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 004FBE93
• GetLastError.KERNEL32 ref: 004FBEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004FBEFC
Memory Dump Source
• Source File: 00000000.00000002.2018283686.00000000004C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4c0000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: 5d2f569dff6ef2f28431f99fdaa7d101c82dcfd7b0132fb8d16acf06058d2272
• Instruction ID: b891140b73050a591108ae16846c25968472a1d123d3154321c690d17706b5ac
• Instruction Fuzzy Hash: 6B41D73460020AAFCF218F65CC54ABB7BA5EF43310F15416AFA59972A1DB358D01DBA9