Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1498319
MD5: a073a6e8e7c3ad781692b1605f258fd1
SHA1: fcf2a781f0161fee17d557329e8817d6f6038749
SHA256: f01a9a5bf10d65ce8fab82786c9d972c441037392fdef2b0cb12609033454316
Tags: exe
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A073A6E8E7C3AD781692B1605F258FD1)
    • msedge.exe (PID: 7388 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7700 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2076,i,17669347106605234999,9910388337433710884,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 7408 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7576 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7612 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8808 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e11ac20-5cb0-448c-aa87-ee7ce181ca52} 7612 "\\.\pipe\gecko-crash-server-pipe.7612" 2c88596ef10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7500 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -parentBuildID 20230927232528 -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6289b82-366a-4274-8261-e0b21f364452} 7612 "\\.\pipe\gecko-crash-server-pipe.7612" 2c89790c510 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7732 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8168 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8732 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6412 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8768 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6644 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8984 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 8912 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 7300 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6704 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 9548 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9764 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2036,i,5757746019126546193,13556498926841986703,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 10132 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8572 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2068,i,6384063103562577227,12944840705359721373,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: file.exeJoe Sandbox ML: detected
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.120:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49819 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2065654564.000002C896B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2065654564.000002C896B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008268EE FindFirstFileW,FindClose,0_2_008268EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0082698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00829642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0082979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00829B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00825C97
Source: firefox.exeMemory has grown: Private usage: 1MB later: 96MB
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.41.14
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.36
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0082CE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y9Rw3h3GTccr6XW&MD=FvrnXA78 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725059462&P2=404&P3=2&P4=WU3JEXLWB4VqS5mS6%2bD%2fzcy%2bCleU2PlRBEk0d0Mc7FBvOPnGLoGuwCA%2fs2sUqZKoYsZHTPAcx9IZHRsozz9OkQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: kIl/qufiou9+44FtzgvkuFSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y9Rw3h3GTccr6XW&MD=FvrnXA78 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2360928689.000002C8977F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" 
data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: doff-text" data-l10n-args="{&quot;engine&quot;: &quot;Google&quot;}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" 
data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;YouTube&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000005.00000003.2360928689.000002C8977F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2133832684.000002C8977A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2360928689.000002C8977A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic; DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic; DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic; DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic; DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic; DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: example.org
Source: global traffic; DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic; DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic; DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic; DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic; DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknown; HTTP traffic detected:
POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
Source: firefox.exe, 00000005.00000003.1822972258.000002C898DF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000005.00000003.1869968393.000002C897BC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1810558900.000002C897BC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1825414449.000002C897BC5000.00000004.00000800.00020000.00000000.sdmp, cfc841a0-289d-4016-8b33-c9b4fbfd21c8.tmp.8.dr, Session_13368928258530564.7.drString found in binary or memory: https://accounts.google.com
Source: 000003.log2.7.dr, Session_13368928258530564.7.drString found in binary or memory: https://accounts.google.com/
Source: History.7.dr, Favicons.7.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/v3/signin/challeng
Source: History.7.dr, Favicons.7.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: Session_13368928258530564.7.drString found in binary or memory: https://accounts.google.com/_/bscframe
Source: Favicons.7.drString found in binary or memory: https://accounts.google.com/favicon.ico
Source: file.exe, 00000000.00000002.1667056595.0000000001108000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1667056595.0000000001140000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1667056595.000000000115E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1666575692.0000000001140000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1666575692.000000000115E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.1670204414.00000289CF972000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1669323385.00000289CF96D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000C.00000002.2927183210.000002AD2BB8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_CT
Source: History.7.dr, Favicons.7.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062284351.000002C8939DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000005.00000003.2133832684.000002C8977A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2360928689.000002C8977A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000005.00000003.2062911482.000002C893935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134862522.000002C893935000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000005.00000003.2062911482.000002C893935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134862522.000002C893935000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 00000005.00000003.2033070353.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2352809595.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2063858410.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135072429.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377231656.000002C8919D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://bard.google.com/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874581334.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928737982.000002AD2BFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2927644555.00000216E59CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874581334.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928737982.000002AD2BFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2927644555.00000216E59CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 00000005.00000003.1872137065.000002C892861000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: Reporting and NEL.7.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.7.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.7.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.7.drString found in binary or memory: https://chromewebstore.google.com/
Source: cfc841a0-289d-4016-8b33-c9b4fbfd21c8.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.7.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: cfc841a0-289d-4016-8b33-c9b4fbfd21c8.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000005.00000003.1728514445.000002C89302C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728645832.000002C893041000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728222810.000002C895400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728915276.000002C89306C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728352926.000002C893017000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1729730767.000002C893081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728764185.000002C893057000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874581334.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928737982.000002AD2BFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2927644555.00000216E59CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874581334.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928737982.000002AD2BFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2927644555.00000216E59CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000005.00000003.2377527526.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872957363.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135211927.000002C8911BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.7.drString found in binary or memory: https://docs.google.com/
Source: firefox.exe, 00000005.00000003.2350243742.000002C892955000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2364976118.000002C892953000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350212115.000002C892953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.mic
Source: firefox.exe, 00000005.00000003.2350243742.000002C892955000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350212115.000002C892953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.micL
Source: firefox.exe, 00000005.00000003.2362801924.000002C892952000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2362590585.000002C892952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.microso
Source: firefox.exe, 00000005.00000003.2350243742.000002C892955000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350633666.000002C892953000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2357098698.000002C892958000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350408340.000002C892953000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350664084.000002C892955000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350151069.000002C892955000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2357410130.000002C892959000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350311311.000002C892953000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350465811.000002C892955000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350504090.000002C892953000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350563359.000002C892953000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350593092.000002C892955000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350092424.000002C892953000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2350212115.000002C892953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.microsoft.c
Source: firefox.exe, 00000005.00000003.2364976118.000002C892953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.microsot
Source: manifest.json.7.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000005.00000003.1728514445.000002C89302C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1787724417.000002C896ADE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728645832.000002C893041000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728222810.000002C895400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2060601302.000002C896ADE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728915276.000002C89306C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728352926.000002C893017000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1774788883.000002C896ADE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1729730767.000002C893081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728764185.000002C893057000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000005.00000003.1819879721.000002C893C39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1828502805.000002C8939AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1871118920.000002C8939BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1731228932.000002C893C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1814430551.000002C893C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000005.00000003.1828502805.000002C8939AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1871200089.000002C8939AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000005.00000003.1828502805.000002C8939AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1871200089.000002C8939AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.7.dr, 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://music.amazon.com
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://music.apple.com
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://music.yandex.com
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://open.spotify.com
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: firefox.exe, 00000005.00000003.1819879721.000002C893C39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1828502805.000002C8939AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1871118920.000002C8939BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1731228932.000002C893C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1814430551.000002C893C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.live.com/mail/0/
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.office.com/mail/0/
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: cfc841a0-289d-4016-8b33-c9b4fbfd21c8.tmp.8.drString found in binary or memory: https://play.google.com
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000005.00000003.1819879721.000002C893C39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1828502805.000002C8939AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1871118920.000002C8939BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1731228932.000002C893C33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1814430551.000002C893C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000005.00000003.1828502805.000002C8939AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1871200089.000002C8939AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000005.00000003.1829471513.000002C893987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000005.00000003.2063631227.000002C89287A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2061935358.000002C895931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000005.00000003.2063631227.000002C89287A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000005.00000003.2063690250.000002C892837000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000005.00000003.2063690250.000002C892837000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000005.00000003.2063690250.000002C892837000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000005.00000003.2063690250.000002C892837000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000005.00000003.2063690250.000002C892837000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062911482.000002C893935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134862522.000002C893935000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000005.00000003.2063690250.000002C892837000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062284351.000002C8939DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000005.00000003.1728764185.000002C893057000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000005.00000003.1827103428.000002C89621F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2061130210.000002C89623A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829180379.000002C89623A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000005.00000003.1827103428.000002C89621F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2061130210.000002C89623A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829180379.000002C89623A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000005.00000003.2133832684.000002C8977A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2360928689.000002C8977A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062284351.000002C8939DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000005.00000003.2059834184.000002C897DA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1825129902.000002C897D9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1828928416.000002C897D9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000005.00000003.2352809595.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823437277.000002C898D7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062911482.000002C893935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2063858410.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135072429.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2134862522.000002C893935000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377231656.000002C8919D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062284351.000002C8939DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1828502805.000002C8939DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2352746427.000002C8939DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1870934294.000002C8939DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2062284351.000002C8939DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://web.telegram.org/
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: 92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874581334.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928737982.000002AD2BFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2927644555.00000216E59CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0082EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0082EAFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0082ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0082ED6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0081AA57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00849576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00849576

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_946dc21a-7
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_00000216E5A221F2 NtQuerySystemInformation,17_2_00000216E5A221F2
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 17_2_00000216E5A2AAF7 NtQuerySystemInformation,17_2_00000216E5A2AAF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0081D5EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00811201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00811201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0081E8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 007CF9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 007D0A30 appears 46 times
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal60.evad.winEXE@72/337@29/21
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008237B5 GetLastError,FormatMessageW,0_2_008237B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008110BF AdjustTokenPrivileges,CloseHandle,0_2_008110BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_008116C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_008251CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_0081D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0082648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_007B42A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66C916FE-1CDC.pmaJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Login Data.7.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2076,i,17669347106605234999,9910388337433710884,262144 /prefetch:3
Source: unknown; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6412 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6644 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e11ac20-5cb0-448c-aa87-ee7ce181ca52} 7612 "\\.\pipe\gecko-crash-server-pipe.7612" 2c88596ef10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -parentBuildID 20230927232528 -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6289b82-366a-4274-8261-e0b21f364452} 7612 "\\.\pipe\gecko-crash-server-pipe.7612" 2c89790c510 rdd
Source: unknown; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2036,i,5757746019126546193,13556498926841986703,262144 /prefetch:3
Source: unknown; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2068,i,6384063103562577227,12944840705359721373,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6704 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: unknown unknown
Source: C:\Users\user\Desktop\file.exe; Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2065654564.000002C896B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2065654564.000002C896B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: file.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B42DE
Source: gmpopenh264.dll.tmp.5.dr; Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007D0A76 push ecx; ret 0_2_007D0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe; File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp (dropped file)
Source: C:\Program Files\Mozilla Firefox\firefox.exe; File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) (dropped file)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007CF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_007CF98E
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_00841C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00841C41
Source: C:\Users\user\Desktop\file.exe; Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe; Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95006
Source: C:\Program Files\Mozilla Firefox\firefox.exe; Code function: 17_2_00000216E5A221F2 rdtsc 17_2_00000216E5A221F2
Source: C:\Users\user\Desktop\file.exe; API coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_0081DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0081DBBE
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008268EE FindFirstFileW,FindClose,0_2_008268EE
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_0082698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0082698F
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_0081D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D076
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_0081D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0081D3A9
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_00829642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00829642
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_0082979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0082979D
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_00829B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00829B2B
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_00825C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00825C97
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B42DE
Source: firefox.exe, 00000011.00000002.2931179178.00000216E5F20000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
Source: firefox.exe, 0000000C.00000002.2932384946.000002AD2C118000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWR
Source: firefox.exe, 0000000C.00000002.2927183210.000002AD2BB8A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2932384946.000002AD2C118000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2931179178.00000216E5F20000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000005.00000003.2377527526.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872957363.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135211927.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2931590315.000002AD2C012000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000C.00000002.2932384946.000002AD2C118000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(
Source: firefox.exe, 00000011.00000002.2926539364.00000216E563A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW@2
Source: firefox.exe, 0000000C.00000002.2932384946.000002AD2C118000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW}9.-
Source: firefox.exe, 00000011.00000002.2931179178.00000216E5F20000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
Source: firefox.exe, 0000000C.00000002.2927183210.000002AD2BB8A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2931179178.00000216E5F20000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe; Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe; Code function: 17_2_00000216E5A221F2 rdtsc 17_2_00000216E5A221F2
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_0082EAA2 BlockInput,0_2_0082EAA2
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007E2622
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B42DE
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007D4CE8 mov eax, dword ptr fs:[00000030h] 0_2_007D4CE8
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_00810B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00810B62
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007E2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007E2622
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007D083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007D083F
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007D09D5 SetUnhandledExceptionFilter,0_2_007D09D5
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_007D0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_007D0C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00811201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00811201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_007F2BA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0081B226 SendInput,keybd_event, 0_2_0081B226
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008322DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_008322DA
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00810B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00810B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00811663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_00811663
Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007D0698 cpuid 0_2_007D0698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00828195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_00828195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0080D27A GetUserNameW, 0_2_0080D27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007EBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 0_2_007EBB6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_007B42DE
Source: file.exe Binary or memory string: WIN_81
Source: file.exe Binary or memory string: WIN_XP
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00831204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00831204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00831806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00831806
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Behavior graph (image not reproduced): Behavior Graph ID 1498319, Sample: file.exe, Startdate: 24/08/2024, Architecture: WINDOWS, Score: 60]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://www.google.com/favicon.ico | false | Avira URL Cloud: safe | unknown |
| https://bzib.nelreports.net/api/report?cat=bingbusiness | false | URL Reputation: safe | unknown |
                                  • URL Reputation: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://i.y.qq.com/n2/m/index.html92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.deezer.com/92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94firefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874581334.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928737982.000002AD2BFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2927644555.00000216E59CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://web.telegram.org/92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://api.accounts.firefox.com/v1firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://exslt.org/commonfirefox.exe, 00000005.00000003.1874581334.000002C89108E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C89108A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C89108A000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://drive-daily-2.corp.google.com/manifest.json.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://fpn.firefox.comfirefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://exslt.org/dates-and-timesfirefox.exe, 00000005.00000003.1875935063.000002C891081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C891081000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 00000005.00000003.2063661484.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1874581334.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135295593.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1829758093.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2032714406.000002C89286E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377598396.000002C8910B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928737982.000002AD2BFEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2927644555.00000216E59CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/Hfirefox.exe, 00000005.00000003.2444319880.000002C892929000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://ocsp.rootca1.amazontrust.com0:firefox.exe, 00000005.00000003.2061393222.000002C895F73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1827278277.000002C895F73000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.jiyu-kobo.co.jp/Ffirefox.exe, 00000005.00000003.2444319880.000002C892929000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-1.corp.google.com/manifest.json.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://excel.new?from=EdgeM365Shoreline92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.youtube.com/firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://drive-daily-5.corp.google.com/manifest.json.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.carterandcone.comlfirefox.exe, 00000005.00000003.2421540411.000002C897358000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://127.0.0.1:firefox.exe, 00000005.00000003.1828306869.000002C8954A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bugzilla.mofirefox.exe, 00000005.00000003.1872137065.000002C892861000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://mitmdetection.services.mozilla.com/firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://amazon.comfirefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://chromewebstore.google.com/manifest.json0.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://drive-preprod.corp.google.com/manifest.json.7.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://chrome.google.com/webstore/manifest.json0.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://spocs.getpocket.com/firefox.exe, 00000005.00000003.1872464439.000002C892813000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://bard.google.com/92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.office.com92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/0/92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000005.00000003.2346540070.000002C89283B000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.comcfc841a0-289d-4016-8b33-c9b4fbfd21c8.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000005.00000003.1828502805.000002C8939AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1871200089.000002C8939AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://tidal.com/92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/aboutfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://mozilla.org/MPL/2.0/.firefox.exe, 00000005.00000003.1823847886.000002C898D19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1867444583.000002C895AD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1810889054.000002C897B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2346262699.000002C897AA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1828502805.000002C8939DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743635531.000002C895AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2060164504.000002C897AA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1822972258.000002C898D9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1824381921.000002C898C22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2398841555.000002C895AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1787627736.000002C897BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743635531.000002C895AED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1827939655.000002C895BCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816851220.000002C895AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823568183.000002C898D70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1813062247.000002C892DF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816851220.000002C895AED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1828379152.000002C89545E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1869048570.000002C8981A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.2398841555.000002C895AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1823659024.000002C898D52000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://account.bellmedia.cfirefox.exe, 00000005.00000003.1822972258.000002C898DF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.openh264.org/firefox.exe, 00000005.00000003.2377527526.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872957363.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135211927.000002C8911BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://gaana.com/92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://login.microsoftonline.comfirefox.exe, 00000005.00000003.1768651898.000002C8981B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1822972258.000002C898DF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://coverage.mozilla.orgfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000005.00000003.2065654564.000002C896B00000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://x1.c.lencr.org/0firefox.exe, 00000005.00000003.2061393222.000002C895F73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1827278277.000002C895F73000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://x1.i.lencr.org/0firefox.exe, 00000005.00000003.2061393222.000002C895F73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1827278277.000002C895F73000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://outlook.live.com/mail/compose?isExtension=true92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://blocked.cdn.mozilla.net/firefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000005.00000003.2377527526.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1872957363.000002C8911BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2135211927.000002C8911BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true92cf1ff0-bcd9-40dc-abe5-ba8464a22025.tmp.7.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://profiler.firefox.comfirefox.exe, 0000000C.00000002.2928197103.000002AD2BE20000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2927177617.00000216E5790000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  IP
                                  192.168.2.4
                                  127.0.0.1
                                  Joe Sandbox version: 40.0.0 Tourmaline
                                  Analysis ID: 1498319
                                  Start date and time: 2024-08-24 01:10:04 +02:00
                                  Joe Sandbox product: CloudBasic
                                  Overall analysis duration: 0h 6m 50s
                                  Hypervisor based Inspection enabled: false
                                  Report type: full
                                  Cookbook file name: default.jbs
                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed: 27
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Sample name: file.exe
                                  Detection: MAL
                                  Classification: mal60.evad.winEXE@72/337@29/21
                                  EGA Information:
                                  • Successful, ratio: 66.7%
                                  HCA Information:
                                  • Successful, ratio: 96%
                                  • Number of executed functions: 36
                                  • Number of non-executed functions: 311
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 142.251.173.84, 204.79.197.239, 13.107.21.239, 216.58.206.78, 13.107.6.158, 2.19.126.152, 2.19.126.145, 142.250.185.99, 2.23.209.182, 2.23.209.149, 2.23.209.187, 2.23.209.133, 2.23.209.130, 142.250.186.35, 20.223.35.26, 199.232.210.172, 192.229.221.95, 2.22.61.59, 2.22.61.56, 142.250.185.206, 142.250.181.238, 142.250.64.99, 142.250.81.227, 142.250.65.227, 142.250.65.195
                                  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, edgeassetservice.afd.azureedge.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, arc.msn.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.mozaws.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com,
                                  • Not all processes were analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtCreateFile calls found.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: file.exe
                                  Time      Type       Description
                                  00:11:05  Autostart  Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                  00:11:13  Autostart  Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6439
                                                                          Entropy (8bit):5.13816048877709
                                                                          Encrypted:false
                                                                          SSDEEP:192:jjMXVhicbhbVbTbfbRbObtbyEzn/nSrDtTJdB:jYScNhnzFSJ5nSrDhJdB
                                                                          MD5:0DD110EC748A49D7BDF885B182199213
                                                                          SHA1:F8F792A1F5DB99060DF561DCABB101B52397D470
                                                                          SHA-256:816A991B3F7E6B7A2955E87099F5FCCF14604617ECD6FAE4C641A7932B96E820
                                                                          SHA-512:D35F27003ED5161C76F3F3A13C8AAB4440B4774F7595CBEF066AAD58E55EA17594499C565283EDDA596A4B48BD0883552640998B36587B77A3550DAB6A06A78F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):8090
                                                                          Entropy (8bit):5.812556498946545
                                                                          Encrypted:false
                                                                          SSDEEP:192:asNAmKeiRUFkQUkM96qRAq1k8SPxVLZ7VTiq:asNAHsJvM96q3QxVNZTiq
                                                                          MD5:C2BCDD49868F137561899A9DDB6BBAED
                                                                          SHA1:23E426CC4729EE169820F2AC4124736C93EE7D5B
                                                                          SHA-256:B3353C587E79A66A4EA46956D38C5462DBD0334A94E370CA30D4690690DA48B5
                                                                          SHA-512:C56E52CA2F3CA3BEF221B1467431F063175DCC5062A2EC75D045516CFEE4A64FE1D0C7BD737DE2E20719CC354C0845607F4B7E30FED4B524055B6B4A1DC57556
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25093
                                                                          Entropy (8bit):6.032267337123404
                                                                          Encrypted:false
                                                                          SSDEEP:768:PM7X2zt1jKYqHkZeQ1WSnMVM04R836kJt6y:PMSzvKYqsX1h+36ct6y
                                                                          MD5:33DF77D28A4147F4A06747D1BA5AA785
                                                                          SHA1:3F99AB59D6037FAC39F48F9A2E99E82770C68A18
                                                                          SHA-256:CAA5A98AC71C29F9816DEE0ACDF0367A0FCE7FBBAE431CE4DC8FD4F168FECDA7
                                                                          SHA-512:1344466B32E8EFBD462D96150E3DA2974E42E668C35CF2F9735C283F98065BCD785FE02DC5DD6951A05B504D93DC83959853940825B1C34F797599627BFCF063
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13368928257611696","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):24007
                                                                          Entropy (8bit):6.05036445477046
                                                                          Encrypted:false
                                                                          SSDEEP:384:FtM7XKnG7EtlXrjYJUoLUJqHsdZsJHaVsNwh0lAxtMcMkX4Rm336kVvt6wo:PM7X2zt1jKYqHkZeM1WSxGcMkX4R836/
                                                                          MD5:49214D0425DF8CAE0B6C466744739FF3
                                                                          SHA1:4BBE353DCF59EA6144A023A6EA65BE64BE73F4A1
                                                                          SHA-256:915B64FAF4B43A0424885371467FF3FE64247137F25D15C0B8D2E2B747BEE469
                                                                          SHA-512:736C13A90FFE3566572BBDEA5FFB5F526ABE32CC162B9A673B54F662A660B56CFB1E98BAD46E43261BCBE369C1B37E88B05A91CBF284E6F559DB12EB56F707C5
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13368928257611696","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25144
                                                                          Entropy (8bit):6.031455438850588
                                                                          Encrypted:false
                                                                          SSDEEP:768:PM7X2zt1jKYqHkZeQkWSnMVM04R836kJt6y:PMSzvKYqsXkh+36ct6y
                                                                          MD5:497D847CB8ADB1E7AE8862E505246C84
                                                                          SHA1:848A777B890B49D3A4F942521B33B2FB6E4F6D0C
                                                                          SHA-256:592EDE083DED9BA873A8132626292CF82FDB4FE19CA158FC117011A0CC21C97A
                                                                          SHA-512:91AA3576B30A54AA85D93593E8F58E8614FA4EBE2A9495ECC54DBA7267E9522804BCDF56FF414410E03CB701CA258A91AC30BD9503EEAB21D67BADE91D431E09
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13368928257611696","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):22965
                                                                          Entropy (8bit):6.047282352576354
                                                                          Encrypted:false
                                                                          SSDEEP:384:FtM7XKnG7EtlXrjYJUoLUJqHsdZsJHaVsNwh0lAZVM04Rm336kVvt6wN:PM7X2zt1jKYqHkZeM1WSZVM04R836kJf
                                                                          MD5:D9F443E90C652AC9CC4EEB9609D4C507
                                                                          SHA1:4C262C08BC497B9F9BCE8EF308145BCCB50FC8C2
                                                                          SHA-256:CD320C24A297870CA079708FE432676E44FD5EAFC539BD3FEE47B1C3383D8146
                                                                          SHA-512:4CF10FA6F589D6F12C3BE7A234B2B0893C11E4E67610942594D0372DC5C5310D7F89B8C8CFDDA5F3520697E375FE65B7EB2C10E942120906414A04F784F52C1B
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13368928257611696","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8239
                                                                          Entropy (8bit):5.795470489629192
                                                                          Encrypted:false
                                                                          SSDEEP:192:fsNAmKeiRU05jGkMw6qRAq1k8SPxVLZ7VTiQ:fsNAHvNVMw6q3QxVNZTiQ
                                                                          MD5:BB16AEBFFE8607DFFC086F55F15098B3
                                                                          SHA1:CF89F9394D91D6F4070D2FD64066AAE05560C8A1
                                                                          SHA-256:FACFE07A7C73AB78A809387A7305F3588356BACF8CA425F43530C57D26191E42
                                                                          SHA-512:217475502B9F71ECC668C9921E4AE9962959A8BBD52DBE6AD1FBEE5BFF9D8945CED38B5D4D56491FDBFC5CA68F8F1F9120AAF51419D3A86956E941831470ACA8
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8090
                                                                          Entropy (8bit):5.812556498946545
                                                                          Encrypted:false
                                                                          SSDEEP:192:asNAmKeiRUFkQUkM96qRAq1k8SPxVLZ7VTiq:asNAHsJvM96q3QxVNZTiq
                                                                          MD5:C2BCDD49868F137561899A9DDB6BBAED
                                                                          SHA1:23E426CC4729EE169820F2AC4124736C93EE7D5B
                                                                          SHA-256:B3353C587E79A66A4EA46956D38C5462DBD0334A94E370CA30D4690690DA48B5
                                                                          SHA-512:C56E52CA2F3CA3BEF221B1467431F063175DCC5062A2EC75D045516CFEE4A64FE1D0C7BD737DE2E20719CC354C0845607F4B7E30FED4B524055B6B4A1DC57556
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):107893
                                                                          Entropy (8bit):4.640139867263744
                                                                          Encrypted:false
                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7D:fwUQC5VwBIiElEd2K57P7D
                                                                          MD5:515BFDD0A8E03F491ED66894DAC7434B
                                                                          SHA1:00534E56EA194556D8E48772D2463BB291B567AC
                                                                          SHA-256:C76D8691C06568DE0108BAD3E4C5596E5B6DB4AF6864E0C4B57F3EE2C909FA18
                                                                          SHA-512:649D4F9FF7446C1DB4B16F6A4C9BEBF0A92A9E266898D653A11CBC44FCCDE8472D91758A624AA5D5A1B306DFA793E5F72370ED70514CB25312B76ACD605EA652
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):107893
                                                                          Entropy (8bit):4.640139867263744
                                                                          Encrypted:false
                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7D:fwUQC5VwBIiElEd2K57P7D
                                                                          MD5:515BFDD0A8E03F491ED66894DAC7434B
                                                                          SHA1:00534E56EA194556D8E48772D2463BB291B567AC
                                                                          SHA-256:C76D8691C06568DE0108BAD3E4C5596E5B6DB4AF6864E0C4B57F3EE2C909FA18
                                                                          SHA-512:649D4F9FF7446C1DB4B16F6A4C9BEBF0A92A9E266898D653A11CBC44FCCDE8472D91758A624AA5D5A1B306DFA793E5F72370ED70514CB25312B76ACD605EA652
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0396284572462908
                                                                          Encrypted:false
                                                                          SSDEEP:192:AN01utmqvDzKX7sJ8iD12absbZHtgbXoh8IYhoPfNEl/xRQMcU9D3n8y08Tcm2Rl:a0EthlWCnh6gvR9D308T2RGOD
                                                                          MD5:4F2C7A092FFE4294C31887562D583E67
                                                                          SHA1:FFCCDC839A2E79853D51280CA7A719E95D99056C
                                                                          SHA-256:4C1B06AF15B77CEB13C0B88901C05ACEDF63AA63CBA0975FC82D4EBC3F531CA9
                                                                          SHA-512:C53D64F1A3BD5EA4A6CD2BA32959F7D6AE4470A6DA25904C0508CE453151047FA8890A6D4AE1D8691DB12ACE98DDD42BEDEA331D28DF150A6268842A8F5EDF99
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.46952176044507876
                                                                          Encrypted:false
                                                                          SSDEEP:6144:ssqD4A4KTW2lraHj/z/viqRrsWpdlMaHJt:GR42lWnZP
                                                                          MD5:4895A7CF10420D0D6F4DFC873CFD2AD7
                                                                          SHA1:C44267D03AF65411738DE723907E334B5250A9E4
                                                                          SHA-256:5427E3BA47CADCE4290662B7C39AFE8395B5EB2856D620BA5A61E35251C5722B
                                                                          SHA-512:83478EC4C11AD68FD04EDCA07BA9217E372CBCC6A0371B04A8E953ECAC90EA68B273A6F536187432D47817284F2B6B1D367ED396A8562565513D23A518DBEC47
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.040766933486679036
                                                                          Encrypted:false
                                                                          SSDEEP:192:j8t0EbtmqvDtKryJEa3XxxTxqZ/g+XIC970RKENShk7N4R21gQM0Kn4n8y08TcmQ:At0Et1eK8YX4LhyCSgAK408T2RGOD
                                                                          MD5:036BA66B7BA4D756D535EF3444336B45
                                                                          SHA1:07726BA30F69657A08497954E04AF8620E9412DF
                                                                          SHA-256:C162AC48A61C8A2D4235AF446E74DB62F9B5346E8732DF56C71B3752BB6C30DC
                                                                          SHA-512:C5B3A9A392DCDB4D953066344FE179E1B318C314CDC657CA4A9AF47036B6428E981859257D9E59344793750E6AA0F22991F77E658BA5830DC8C9B0AAC67C7963
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.03984293076457488
                                                                          Encrypted:false
                                                                          SSDEEP:192:e50EbtmqvD3KX79JEa3Xxx7uqZGXPtg34khhhBNEqMO1gQpevi654zn8y08Tcm2D:c0EtUe18xphBeagw0i+y08T2RGOD
                                                                          MD5:148531E9031D4CEAA7D2AB0FC36F6E5A
                                                                          SHA1:B5E2F43E7E89033B287FD76D34466BBB32B2F3BF
                                                                          SHA-256:876C2C3C59174643516795711F80224BFF57ADF5F03FCF3D2826CED49D656F39
                                                                          SHA-512:9B8D1C9E50C1BBA3E1DD381029F28826EF4A2ED5611D482802775F7C3DEE25A1F7A2D78F55F7E770A8108F3D727811EE2D9B417070957189B5BCCEDC6500B0FC
                                                                          Malicious:false
                                                                          Preview:...@..@...@.....C.].....@...............h^.. N..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".rvrkgs20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./......................w..U].0r........>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):16384
                                                                          Entropy (8bit):0.3553968406659012
                                                                          Encrypted:false
                                                                          SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                          MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                          SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                          SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                          SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                          Malicious:false
                                                                          Preview:...@.@...@..............@...................................`... ...i.y.........CrashpadMetrics.....i.y..Yd.h.......A.......e............,.........W.......................W....................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.UsedPct.......h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A............................E.[4.f..................E.[4.f.................Microsoft.UMA.PersistentAllocator.CrashpadMetrics.Errors............i.y..Yd.........A..................._..-`....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......C...........................VM....],................WM....],................Stability.BrowserExitCodes...... ...i.y......VM....],........H...i.y.1U!S............................................................ ...i.y...0...WM....],........................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):280
                                                                          Entropy (8bit):3.060980776278344
                                                                          Encrypted:false
                                                                          SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                                          MD5:74B32A83C9311607EB525C6E23854EE0
                                                                          SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                                          SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                                          SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                                          Malicious:false
                                                                          Preview:sdPC......................5.y&.K.?....................................................................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13651
                                                                          Entropy (8bit):5.239963605640991
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVcJ9pQTryZiuaba4uyxJwOC3WAPFp1YW3Q8bpj+FbYQA90L1f:sVcLAJuCJw93PPpUUQ0k
                                                                          MD5:41383D21A47E04B6CDA45B29DB32671C
                                                                          SHA1:452986D85DD3ED42C7245FC0C7A7CC92FF96C34F
                                                                          SHA-256:26E7C3E1211CAD881245E819D580D8912805A7788F9F7454DD19AF473F350E83
                                                                          SHA-512:3E357C7236E6C7BF65C5E6263CB3627BAB5D42A6A7F7A8D434EA3C489A0D4262116D22D76F6A2FC18B8E63165214BA9BCF130994224D8D96EBD8F2D540E8A3F4
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13368928257348416","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12924
                                                                          Entropy (8bit):5.161537360990646
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVcJ9pQTryZiuaba4uyxJwOC3WAbYW3Q8bpj+FbYQAw0L1f:sVcLAJuCJw935pUUQ1k
                                                                          MD5:E5E15CC3B931B134539BDC0D6D6AFB6F
                                                                          SHA1:000512D7EC9BD425C8C5D49FCCDFE12F2605806A
                                                                          SHA-256:62533A2DAAEBED1891A5A538FA1A41AF08410E2625F3CFB2B1F28D1F2B0C4C8F
                                                                          SHA-512:0E2CA774FC25D2C448E01091A5F5A3CB47F9337E75403FEBE6E30E7A127520F95956D8D65ED8A3A1A9173ADC3CB746950AB1838545AF79A784C451A9D0193EF1
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13368928257348416","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):39660
                                                                          Entropy (8bit):5.562098424416196
                                                                          Encrypted:false
                                                                          SSDEEP:768:YO+sQl7pLGLv6UWPr3fa28F1+UoAYDCx9Tuqh0VfUC9xbog/OV2ZRqhv2rwevIUN:YO+sQzcv6UWPr3fa2u1ja7ZRwvTevIu3
                                                                          MD5:A575E6F88EA22E776C603CC41B8F9B67
                                                                          SHA1:C35CFD047F8809885EDCA0C12832D919A4DAEB49
                                                                          SHA-256:C21CDA85B7A5250984E7EBAE19314279B35145923E57E277605E35F545D2AE54
                                                                          SHA-512:276739D7331AB6FC51754634C685DB3C77FB988578EFBB99FA0F054B173B81BFD5B88582AECB7CABBBA58021B9744E4A4EDF33BE5E48E2DA6CCF4FD1670E0722
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368928256046460","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368928256046460","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):37817
                                                                          Entropy (8bit):5.5556847744319375
                                                                          Encrypted:false
                                                                          SSDEEP:768:YO+sQl7pLGLv6UWPr3fa28F1+UoAYDCx9Tuqh0VfUC9xbog/OV5qhv2rwevxUDdI:YO+sQzcv6UWPr3fa2u1jakwvTevxuJt8
                                                                          MD5:B58607EE7C7EF19D1755D2496D7F9012
                                                                          SHA1:63B8C19C35DE4182FD776693E837008E36F5D54E
                                                                          SHA-256:5D3212854D288633B39B7D1E1E3BA5E8C1B1DBAC7600413773602C60A1EF3E41
                                                                          SHA-512:E09A022B2AF099A8346D6DCB0537FB243E3671AAECE15CFD4C2E21B492E02546450EE63B84BEAFA7127E1645232ECB2FB231718085BE95E29CD206387B95728C
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368928256046460","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368928256046460","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12267
                                                                          Entropy (8bit):5.075874130471033
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVcJ9pQTryZigaba4uyxJwOC3aYW3M8bpj+FbYQAw0L1f:sVcLA3uCJw93QpUUQ1k
                                                                          MD5:5984672FCB180568E1F0CC5A8E5F08B6
                                                                          SHA1:5247C25527B193F810D9F9000221DE1119A37071
                                                                          SHA-256:53C421D2DCF7F9FDB945F48EF2A49776ABB3734E9635927C796E381B2E3130C8
                                                                          SHA-512:BD4EBD5C2C601DC41A6E46A54CE2F43E4040FE1D4232FF73F09AE6CBCF1E253E95E414CBC15562D0FAB9BFFF67078E5788666AC6BC2895AE5A4C2BEF41C2492A
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13368928257348416","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):1695826
                                                                          Entropy (8bit):5.041137557136737
                                                                          Encrypted:false
                                                                          SSDEEP:24576:aPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:aPfZ/mS5
                                                                          MD5:763389C0757AC140A160E8B2AA945F70
                                                                          SHA1:4F5EC898A47C1343E8F1859C436E0ED7BFA86AB0
                                                                          SHA-256:49B329DB703B4A2E5F4320A22ACFC96E2AC08B9DDCF062D8B819E735E50AEE65
                                                                          SHA-512:55144EC964F4D854A28A31E7B6BF921621036ED331A27094FE0DE0F8C841480A9CA19FDE5AB61C3284BE1B726D86FB9DDD96B43C110D81FD0BC98193850DCF98
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1)..{.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13368928262914294.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]oV.<.................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13368928262918528.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):293
                                                                          Entropy (8bit):5.085894892135229
                                                                          Encrypted:false
                                                                          SSDEEP:6:NPRWS1cQB1wkn23oH+Tcwt9Eh1ZB2KLlLPRWVq2Pwkn23oH+Tcwt9Eh1tIFUv:NPRWq0fYeb9Eh1ZFL1PRCvYfYeb9Eh1b
                                                                          MD5:51414C1F4A22E5A9EEF07B73B536EE3F
                                                                          SHA1:CC004B8CB52826BBCD8088A6D2D504AEDD19579E
                                                                          SHA-256:DDCD2F90DE91E48C9A62ED8AE84BACFEA290C86918111207824FD1AE946D1912
                                                                          SHA-512:75379A197651D7901C365DAD236E39B8FA50154AC35753FBB087897D8EAD9A2C55AC705EE32C5A224206C298C2EBCA78E391521463EA23C2E2EBB6697F604E99
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:11:02.167 2280 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/08/23-19:11:02.228 2280 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):12288
                                                                          Entropy (8bit):0.3202460253800455
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.4646308375985403
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):33
                                                                          Entropy (8bit):3.5394429593752084
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):305
                                                                          Entropy (8bit):5.256725273365919
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:56.589 1f88 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/08/23-19:10:56.967 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.494709561094235
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.6128496394431433
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):375520
                                                                          Entropy (8bit):5.354148999915461
                                                                          Encrypted:false
                                                                          SSDEEP:6144:AA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:AFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                          MD5:81EB35595A51C9BE51FD956F85FEA69E
                                                                          SHA1:5DAB1B0E7824150601EF0936F81735A19997FC1E
                                                                          SHA-256:53D1230B0C4F641905F96F153BABD577B03A749413CA5C8774775BDEF2C5F15B
                                                                          SHA-512:B27D75BD4EEE8E8A2B357B3E3862BBC6BFD10C19F57953AFB9C3A14A6DA24D66200F78B27FCF61BE4221B9DB0ECD32C4F793E66C666BE26DA489FA3CE75EB19A
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1..>.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13368928263565185..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):309
                                                                          Entropy (8bit):5.166096005358326
                                                                          Encrypted:false
                                                                          SSDEEP:6:NPRPq1wkn23oH+Tcwtk2WwnvB2KLlLPRzlkNAVq2Pwkn23oH+Tcwtk2WwnvIFUv:NPR9fYebkxwnvFL1PRzvvYfYebkxwnQg
                                                                          MD5:087ADCE1791C71F567759700B2D20FBE
                                                                          SHA1:4629103443462FD4DB4EB6FAD012CE9BF40527DF
                                                                          SHA-256:66DF0E21C3C6989C1D863BBDEAC6ADDBF6AFF85F629E330243E0D08BF995CB63
                                                                          SHA-512:F4B5143EF82B8996930B6F3A0F0B7C39850F0AD56F589353F356BB6ADB04DFABA3669B88847DDDFBD29FDCBD3A318D605375B58FCFFAE0355A19FE58B7DCFB24
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:11:02.213 2290 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/08/23-19:11:02.572 2290 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):358860
                                                                          Entropy (8bit):5.324616264299282
                                                                          Encrypted:false
                                                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rp:C1gAg1zfvR
                                                                          MD5:4001D204FBA6F52AD608601D41E7ACC5
                                                                          SHA1:575F77C96D1B9A2DBB6D88FF019ACC8344A4F686
                                                                          SHA-256:F97AB434334165E516109528114EF30B339834BA91434BDFAF1A60631D6A946A
                                                                          SHA-512:34CA57A68E6771AE5DF36C335C8D3B1A8AA0FC1C609872822A2EFEFE38174B56738D9D6D76CF4C9E4505BC8C09EEAADBB8F82CE21CE82E68885DE7375DFB3781
                                                                          Malicious:false
                                                                          Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):209
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):281
                                                                          Entropy (8bit):5.218882891843751
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64K81wkn23oH+Tcwt8aVdg2KLlLP64t1N+q2Pwkn23oH+Tcwt8aPrqIFUv:NPcfYeb0L1PX1N+vYfYebL3FUv
                                                                          MD5:E9DC1DC39D37B84CF1F2DC3ACB05C8D1
                                                                          SHA1:1CD3E8FE671930E4F91C6A98675C13742B0EF3AB
                                                                          SHA-256:242C20D7D70D2AAD5E9251FB0DA0D6ED0C996A431BCDEC8789ED9518255B9401
                                                                          SHA-512:85DBAE01F57E63F73CA2D5148DEA8ADE1B1EC060FAAB17AB3070589AD4FB1B71E368AFC383D412214F664D1145869BC06ACE33672D4470908B927DFBDBBF225F
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:56.575 1f9c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/08/23-19:10:56.593 1f9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):209
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):285
                                                                          Entropy (8bit):5.182052198796469
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64Fm81wkn23oH+Tcwt86FB2KLlLP644R+q2Pwkn23oH+Tcwt865IFUv:NPvyfYeb/FFL1P2R+vYfYeb/WFUv
                                                                          MD5:C0367D1050D77D391FA13E3EC6DEDAF5
                                                                          SHA1:C963A65D2317C585272C1E04C36A81F4F4C29849
                                                                          SHA-256:46ACE83F91D26056EF661A57DB07F9B8EACA5343DEEE6444C4E5CB8EA57D4AFA
                                                                          SHA-512:BF76D14836E42879772AA784889B8FB573CA1A536D05A91EEE05E84A6E96EDB8B91D762E71255E2B51C79C4C9EA07241DA963AC184B78E135BAA4BE86DB9B661
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:56.601 1f9c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/08/23-19:10:56.615 1f9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):1197
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                          MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                          SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                          SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                          SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):322
                                                                          Entropy (8bit):5.22554551533204
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64slH4q2Pwkn23oH+Tcwt8NIFUt88P64s+HJZmw+8P64s+HDkwOwkn23oH+TcN:NPaH4vYfYebpFUt88PRJ/+8PRD5JfYey
                                                                          MD5:A562BA74523F230EC0D5090547A49CAA
                                                                          SHA1:9B50F172A1BF4172E33DDB6EC9C72DDA93A82246
                                                                          SHA-256:8E17BB8723F07E288DEF1754EF2B93AE6F106AD45E0E6271B5541D16565A9E2E
                                                                          SHA-512:172CC27DF3A12EAD00F099ECEC9A653CD6E8CD79D2AB03380F5B30CA85FFE50AB8B550E3664058F03C839537233CDA5032DA85DDDAD08576A81BB0A08DA7A04E
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:57.481 1f60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/23-19:10:57.482 1f60 Recovering log #3.2024/08/23-19:10:57.482 1f60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):4096
                                                                          Entropy (8bit):0.3169096321222068
                                                                          Encrypted:false
                                                                          SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                          MD5:2554AD7847B0D04963FDAE908DB81074
                                                                          SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                          SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                          SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.40981274649195937
                                                                          Encrypted:false
                                                                          SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                          MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                          SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                          SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                          SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):429
                                                                          Entropy (8bit):5.809210454117189
                                                                          Encrypted:false
                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                          Malicious:false
                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):2.4458786408062756
                                                                          Encrypted:false
                                                                          SSDEEP:96:0BCyvkf0J4elS9nsH4/AztcWuuoKwxf0X:mNvkf0JQsHXzCWPo1xf0X
                                                                          MD5:14BF3FEF56D97B502CAC8BFDA498F4EE
                                                                          SHA1:F427CD033DA311E8283185AA4FA888008632096B
                                                                          SHA-256:472F70DDF527E07202B9ECA07B63FF52EE0D009142D780266774E49DCCD8BAD3
                                                                          SHA-512:92B734BBD383859510B4385729FC75950D406A06D3A9AFBFB83829BFEA4D034EE2C0D2F569EADA9BD4E10005A0FD916D133CFCF61209C1580062DE73A9ABFECF
                                                                          Malicious:false
                                                                          Preview:SQLite format 3 ... indexfavicon_bitmaps_icon_idfavico
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):159744
                                                                          Entropy (8bit):0.6460274230244114
                                                                          Encrypted:false
                                                                          SSDEEP:96:Jf0DL+YU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNChf0:Jf0nw+GPXBBE3upb0HtTTDxVjEf0
                                                                          MD5:B3909BE167CB523C7969A4454037C0EE
                                                                          SHA1:E39D196782A78F8B195097A57281DDB33524E49C
                                                                          SHA-256:1F294002DC85275B51351C644D1E5EF4C7DB6A6F5A62F05A5999E7E0CA1F593D
                                                                          SHA-512:F2457885AD4467379FEA8E402E9BCDDFE0E3FAD68963123590C2039E311561A683CD27376BA4A8458AB4DC78B98F7DAAFC48C6656851B2268131949970796E24
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8720
                                                                          Entropy (8bit):0.32719588341359873
                                                                          Encrypted:false
                                                                          SSDEEP:6:RiA/J3+t76Y4QZZofU99pO0BYrqR4EZY4QZvGD:RThHQws9LdHBQZGD
                                                                          MD5:03F3521FC18C19AA191B72E577EAD75A
                                                                          SHA1:E03B68ECC5FD951B8FBBFEA6B2BCBD0135BE20B2
                                                                          SHA-256:332A1EB43A5B0F9B792987E3695F755ACBB46DDCBE41CEA955D2BE7289A920A5
                                                                          SHA-512:14584A76A917C6B3935AAA1EB21BFD32AAD60CF88950511D211A44FEE6FD1816FC2AE1E97FC893E928AC2C474337BE700961E1D3F3B4A08AF96FC039E6D0FC25
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):3.548993563754786
                                                                          Encrypted:false
                                                                          SSDEEP:384:zj9P0/lP/Kbt3QkQer5cY773pLjgam6IHhRRKToaAu:zdwlP/qe2+Y7wX/RKcC
                                                                          MD5:B7E730AC24343B895FC1AD2EB0216B9F
                                                                          SHA1:C92636D1E8B4828CD8D8F8D4B48CAA445EE23218
                                                                          SHA-256:025F56EEFDA657101055C89AF41229AFDC0035FCA1282FEA568182FDC7FF80EF
                                                                          SHA-512:A9B5B030D12CFF6F8487A28D908598D9D07231529A98E4B6F751D138517F8740859C61F0C2B322F3A3952004D1C408109E85B8B8014E7EF472A199C78DE144D6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):406
                                                                          Entropy (8bit):5.299687459606517
                                                                          Encrypted:false
                                                                          SSDEEP:12:NPVvYfYeb8rcHEZrELFUt88PCM/+8PCs5JfYeb8rcHEZrEZSJ:NP5YfYeb8nZrExg88P7P5JfYeb8nZrE8
                                                                          MD5:FD2D7B1BC1E9F149AE00C3CB47D33DE4
                                                                          SHA1:21E4F9B5D606EA7CDA9021D2AA169C77C5B4D342
                                                                          SHA-256:0DACA1CECED7C1C799074EB52F4D9DABBAABA12129017381D86FBBC0598D000E
                                                                          SHA-512:7575C653FEC6A160FA52D43F79D680B81FC9F900419CD3E071661E65D42BBC1A9CE8A7FFCD645DE53B9F6E87CC906BBC6FFB2663BBC8B12DBE6D26E11530DCEA
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:58.425 1f50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/23-19:10:58.426 1f50 Recovering log #3.2024/08/23-19:10:58.426 1f50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):334
                                                                          Entropy (8bit):5.199341965918797
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64eJF34q2Pwkn23oH+Tcwt8a2jMGIFUt88P64eJF3JZmw+8P64ZuaVNDkwOwkz:NPMJN4vYfYeb8EFUt88PMJNJ/+8PfvDE
                                                                          MD5:4EEE4C1FB4FBFD01BEB2BC39467B8E65
                                                                          SHA1:08D3104002BAE16727A5348F391DE76E0838311F
                                                                          SHA-256:472280B33E14B7D579D06AEA0F45FE5C9DF14F1293100737D431C1E69DC57B39
                                                                          SHA-512:230D909213FF3AA748118C8BC3F169CE84289FD372CB16754C0F90C4B81E99406D975A98EFF2230392FB647EAC2E9C899C98A06EA43D04296CD119DD18CD0BA6
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:57.538 11f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/23-19:10:57.538 11f0 Recovering log #3.2024/08/23-19:10:57.540 11f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):57344
                                                                          Entropy (8bit):0.863060653641558
                                                                          Encrypted:false
                                                                          SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                          MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                          SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                          SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                          SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):0.40293591932113104
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):354
                                                                          Entropy (8bit):5.482890682528796
                                                                          Encrypted:false
                                                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcrkhqTBv31dB8wXwlmUUAnIMp5YRtAr:YWyX5Sg9vt+UAnIQcrdR7N+UAnI/XQ
                                                                          MD5:62DA3FE0EF6307B80B46B26F37109E7D
                                                                          SHA1:A9D5DC4C1534FFD70B8F88EE2989A160521CE4F1
                                                                          SHA-256:A1FEB53F122A17DBF3476EE0FDD92C98137BAC097433D823E6A7E2EA2D35F966
                                                                          SHA-512:0104F44D25A9BAA181BAF8D2E136FB1A2876AD76CCF19B08296B37DF6679C968C854BEE5FF14D87B7633EFDF3356B57479403832C5EA902259B3B1DA34B615DC
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1755990667.332505,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724454667.33251}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.082035782292588
                                                                          Encrypted:false
                                                                          SSDEEP:48:T2dKLopF+SawLUO1Xj8BVBBg6Wf5wdXOFyPr:ige+AuWkZr
                                                                          MD5:74A276B4BF89EC264EB979E6A12B3EE3
                                                                          SHA1:D623760A958DC5B76217AD10881AADC4A53A3715
                                                                          SHA-256:006ABC06915367EB85B82097D7453839C5EE627F28E75C21E0A208E9C0C33F75
                                                                          SHA-512:4FA6D5DCA6BD2D1ACA968373866ADC1F5CA2937EB4D5F263DDF26369DA7195E4985BEDA732A50ED4AAC14E908EF0EEEF012E3CF70F766A721321DA6571CFEBC4
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):61
                                                                          Entropy (8bit):3.926136109079379
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):1.328722439264589
                                                                          Encrypted:false
                                                                          SSDEEP:96:uIEumQv8m1ccnvS6heDo2dQF2YQ9UZP1nWoRVkI:uIEumQv8m1ccnvS6J282rUZP1Vd
                                                                          MD5:939466AD92F68C02EB27A8FF82A9A897
                                                                          SHA1:6C348F0995315AE3901E5772DB3E73B85300E3C7
                                                                          SHA-256:21181CB47AA312013B361FD4B20CCE877BB6615AA7E23656DF02C0481F0EC517
                                                                          SHA-512:C1763C55328F85A537CE9D673C62CD74660702AC80A24A2FC307D262D8F0F30A4470FCE71C733409A33C2B054CB362E6D9F9273F1EAB256E743C57318CF2574F
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):203
                                                                          Entropy (8bit):5.4042796420747425
                                                                          Encrypted:false
                                                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                          Malicious:false
                                                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.36515621748816035
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):111
                                                                          Entropy (8bit):4.718418993774295
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2271
                                                                          Entropy (8bit):5.268733331935957
                                                                          Encrypted:false
                                                                          SSDEEP:48:YXs+P8s0+fcdssgsNrsOgnsl+Hrs9YsS+H1es1CxbZ:GPp4VjB4cy4hA1
                                                                          MD5:E16AF8A7302965624A38149A3734B3C3
                                                                          SHA1:A0CA375298ADE26EAACD14C93A05DBDB8534732A
                                                                          SHA-256:630F710EDEE38503D7151DB94F5BD701C98D99AF8FEA02B9858F8DF93C3D0D6A
                                                                          SHA-512:C7716771B326AC22FCCC0BFC73E37AB55C5E11057A4E9CC878969F49B8B72FEEC81224FD9670BB5CE9EDB1A11AE5C15971B8F6EDAD18C633AFDD53342FD7754E
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371520259876801","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371520261024590","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371520262366465","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371520266187311","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"alternative_service":[{"adver
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):355
                                                                          Entropy (8bit):5.466600573578674
                                                                          Encrypted:false
                                                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcrkSX4U/Bv31dB8wXwlmUUAnIMp5YR3:YWyX5Sg9vt+UAnIQcrbIMR7N+UAnI/rd
                                                                          MD5:6995B9C628485D94190EDDE5E5C12984
                                                                          SHA1:DD072BF43BF009E58839C5BD82CB3680907AD5BF
                                                                          SHA-256:610CF43717EC06242A60B4B50D2FEA76F85387C4AD882A65084289A9239C94B5
                                                                          SHA-512:2FE09A49F9B3A4BAF778520A2E6E3634CC8603AD544675CBF49939A71E17BDA1C6D17873907B7FCA826BC8C35F35392AF829C1EFAF6EE80ABC8C1C5F6077DBEA
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1755990727.852824,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1724454727.852829}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.5744102022039023
                                                                          Encrypted:false
                                                                          SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                                          MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                                          SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                                          SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                                          SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12267
                                                                          Entropy (8bit):5.075874130471033
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVcJ9pQTryZigaba4uyxJwOC3aYW3M8bpj+FbYQAw0L1f:sVcLA3uCJw93QpUUQ1k
                                                                          MD5:5984672FCB180568E1F0CC5A8E5F08B6
                                                                          SHA1:5247C25527B193F810D9F9000221DE1119A37071
                                                                          SHA-256:53C421D2DCF7F9FDB945F48EF2A49776ABB3734E9635927C796E381B2E3130C8
                                                                          SHA-512:BD4EBD5C2C601DC41A6E46A54CE2F43E4040FE1D4232FF73F09AE6CBCF1E253E95E414CBC15562D0FAB9BFFF67078E5788666AC6BC2895AE5A4C2BEF41C2492A
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13368928257348416","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):33
                                                                          Entropy (8bit):4.051821770808046
                                                                          Encrypted:false
                                                                          SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                          Malicious:false
                                                                          Preview:{"preferred_apps":[],"version":1}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):34462
                                                                          Entropy (8bit):5.55822618233903
                                                                          Encrypted:false
                                                                          SSDEEP:768:YO+sUUWPr3fR28F1+UoAYDCx9Tuqh0VfUC9xbog/OV5qhv2rwevmUDdKpEtue:YO+sUUWPr3fR2u1jakwvTevmuJtJ
                                                                          MD5:FF378E8DF48688BA595EAB1A441D439C
                                                                          SHA1:4EDB0F620D6D12A04DDD9AB60F2A19EBE8A2D4E0
                                                                          SHA-256:C7BF664AB41A34FB5999EFFC2DC8AB0F425345420350C7F53150A35453DB34EA
                                                                          SHA-512:48975BBE24A182051023C41F820139CA333247635FFC6AC717BCC4D1DFDF8D6973F4ECBB04EA6A61B5C1D28FE9B5A2871AF5B65F49DE42911E3A8C5AB13FF289
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368928256046460","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368928256046460","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):364
                                                                          Entropy (8bit):3.9973248319898484
                                                                          Encrypted:false
                                                                          SSDEEP:6:S85aEFljljljljljljlx5/laDAA6labdw+CA5EEE:S+a8ljljljljljljlxhU/Q+CA
                                                                          MD5:4682D6963D670BA6B86EDAA36734A55B
                                                                          SHA1:F3ED164ACB7BDC60CEB3D29F88B3CA300647805B
                                                                          SHA-256:426BA431C0ECEE20104E0FB493DDB6A7110B5071876487BEE89EEBA7E8920EA5
                                                                          SHA-512:F45BE655D22BCF826F84383F862069C80CF3F7103D4549DB61D1EB6C03A0B052664C47208690B4B68B87BCFF888784FBB312E96F5429523248B6FECFE372C7A4
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f................5..j................next-map-id.1.Knamespace-f647ab6a_2e62_47fa_aee5_7deb1ad3f7ca-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):322
                                                                          Entropy (8bit):5.168967011258505
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64QN4q2Pwkn23oH+TcwtrQMxIFUt88P64jp3JZmw+8P64ODDkwOwkn23oH+TcM:NPo4vYfYebCFUt88P5p3J/+8PcD5JfYM
                                                                          MD5:59702D1FE139DE1E6091A66C151432A0
                                                                          SHA1:AEAC7EA798BE59B974D53EF63EBFE021E064E343
                                                                          SHA-256:34AE3D33D67B2144309FC15CF3F48E66D1D5EFEEE2A1D8D0D3E1F22732DE4D69
                                                                          SHA-512:934A79F34D5566CC0C90F50FEF62DC32A358BE62901FEEBA8BB8C20814FD1377399368B0789E25283BB1D565DA80F1AFAC9510F1FA1D4F54A57ACA3620C76932
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:57.512 11f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/23-19:10:57.513 11f0 Recovering log #3.2024/08/23-19:10:57.516 11f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):9664
                                                                          Entropy (8bit):4.170975979011433
                                                                          Encrypted:false
                                                                          SSDEEP:192:3s/Uaf0c3PXFaaf063PXFa1f0lf0B3PXFa1f0ceAlbpP3PXFa7:8MVs1aVK1au+J1auKZ51a7
                                                                          MD5:9E692A4BC3F570727949DD4645454B6C
                                                                          SHA1:D6B5191FDD105362F137CE03526A514929A8ACD7
                                                                          SHA-256:E22F5ECAEBC8A1927DDF2EE9714FC9E1330671FBA3177C24809A2E6924F6752B
                                                                          SHA-512:279825588F7C21AD8B9ECB7EE4BED26F895AAADF4EB4BE030AEAA3A0EACA49FBA7B545D950AC9295BE7405B0D18D807BD067B02066C39129D518E349032AB428
                                                                          Malicious:false
                                                                          Preview:SNSS..........T..............T......"...T..............T..........T..........T..........T....!.....T..................................T...T1..,......T$...f647ab6a_2e62_47fa_aee5_7deb1ad3f7ca......T..........T....%e............T......T..........................T....................5..0......T&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}........T.............T..........................T..............T....>...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3rSpcD46D_yErnDc5CFpodOMrJUagyU9xKCVXGAREcOAw_cr1kWiZNTwSNpytSc5r4kkP3EPg&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1748160764%3A1724454661460001&ddm=0..............!........................................................................................................=..a ...=..a ..P.......h...............`...........................................................>...h.t.t.p.s.:././.a.c.c.o.u.n.t.s...g.o.o.g.l.e...c.o.m
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.44194574462308833
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):350
                                                                          Entropy (8bit):5.207698074731918
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64QW/+q2Pwkn23oH+Tcwt7Uh2ghZIFUt88P6440Zmw+8P644UVkwOwkn23oH+Q:NPeZvYfYebIhHh2FUt88PW0/+8PW05J8
                                                                          MD5:0A688CA4FE88F2CB7F36778E1F00B05B
                                                                          SHA1:4469F93A9E699AA92ED1B8A1265650BEE5A4A00D
                                                                          SHA-256:B53DD0085301E522AB0C1ACE18AAC8706F627C74C0C164533CBD1E6059BB41A0
                                                                          SHA-512:988AD4C7C952A2732A4AA83468E27674B00D9E11E60F652C907CE7C68251389D1696BF701E917B69B2C9EBC494D4195EE0D5256C56AE08B4B40C72F96545F44B
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:56.433 1f98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/23-19:10:56.444 1f98 Recovering log #3.2024/08/23-19:10:56.444 1f98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):524656
                                                                          Entropy (8bit):5.027445846313988E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:Lsul3//:LsY
                                                                          MD5:A1AAE811320A157BBA94636E2EE4F7AC
                                                                          SHA1:E20AF423F93503D013443B54E77CE42DD2862F47
                                                                          SHA-256:5249A1E248A3C7B6E15AE4484FB8E272BBED2FAD444A8843FC14FBAAB802127E
                                                                          SHA-512:ED6DD2A4A43E236F07ED66CE5D52EE4C879B83730ACB1BB19FA22B2BB6B1F6DDD44B25354C48733ABB3C906C68CDC39B5F76F43C32F743104957928C71BF6A38
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlp+t:Ls3s
                                                                          MD5:1C5B7BF33085370E04C37E6C3004174E
                                                                          SHA1:2CE7F6C495C9F974961A86E52CDFE9F3DCD8E926
                                                                          SHA-256:E7BCD8C8923549A8C779DAA1E2A0947D683B84C827B3B5DB6FD6B7D11C4B9BDD
                                                                          SHA-512:C305C9ED11B623782E4AB4861F25983FAAA516190E607D2DB623F801DB0B431C0969FE2759E52659D2E803A532C3BF1BB100533C66C74E0DC2B517ED3D714C29
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):432
                                                                          Entropy (8bit):5.271843109896443
                                                                          Encrypted:false
                                                                          SSDEEP:12:NPu4vYfYebvqBQFUt88Px8J/+8P/v3D5JfYebvqBvJ:NPuKYfYebvZg88PS/P/v3VJfYebvk
                                                                          MD5:448D7ED05A38F1F7D2BE0CC415ED012F
                                                                          SHA1:E1DB0A293CDD57FA277F867CB0B3A9C345374C4E
                                                                          SHA-256:BC8B16F56259CB0E6173A4C92003BA66C5E146FF30CCD693BDBDAC54C27CD9C6
                                                                          SHA-512:3A2EB93321798623AABA57679FA13DB4EDDDAE07DF24B5592FBAD6DAB199EA5086E874D0892FCAE4C3A67DF0E7E71F3CEAAA4106E8E881EA8382DA0E31A20646
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:57.785 11f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/23-19:10:57.789 11f0 Recovering log #3.2024/08/23-19:10:57.881 11f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):432
                                                                          Entropy (8bit):5.271843109896443
                                                                          Encrypted:false
                                                                          SSDEEP:12:NPu4vYfYebvqBQFUt88Px8J/+8P/v3D5JfYebvqBvJ:NPuKYfYebvZg88PS/P/v3VJfYebvk
                                                                          MD5:448D7ED05A38F1F7D2BE0CC415ED012F
                                                                          SHA1:E1DB0A293CDD57FA277F867CB0B3A9C345374C4E
                                                                          SHA-256:BC8B16F56259CB0E6173A4C92003BA66C5E146FF30CCD693BDBDAC54C27CD9C6
                                                                          SHA-512:3A2EB93321798623AABA57679FA13DB4EDDDAE07DF24B5592FBAD6DAB199EA5086E874D0892FCAE4C3A67DF0E7E71F3CEAAA4106E8E881EA8382DA0E31A20646
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:57.785 11f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/23-19:10:57.789 11f0 Recovering log #3.2024/08/23-19:10:57.881 11f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):193
                                                                          Entropy (8bit):4.864047146590611
                                                                          Encrypted:false
                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):193
                                                                          Entropy (8bit):4.864047146590611
                                                                          Encrypted:false
                                                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.555790634850688
                                                                          Encrypted:false
                                                                          SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                          MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                          SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                          SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                          SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.36515621748816035
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):111
                                                                          Entropy (8bit):4.718418993774295
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):80
                                                                          Entropy (8bit):3.4921535629071894
                                                                          Encrypted:false
                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):420
                                                                          Entropy (8bit):5.219170947897643
                                                                          Encrypted:false
                                                                          SSDEEP:12:NPV4vYfYebvqBZFUt88PqJ/+8PLvD5JfYebvqBaJ:NPVKYfYebvyg88Pq/PDVJfYebvL
                                                                          MD5:3F549EF0A85832738D282F0D2A6B4253
                                                                          SHA1:95B836EBB0853CB0E9F204A8045C026C5EA9234F
                                                                          SHA-256:3B4E226F802DFF418554FAD519E5F25F29F7B854990BAEED466B60B8D50B09D5
                                                                          SHA-512:6D80150AA057754989C07FDE59D86856765650BCA6815BF258846EF479804EA2B96C837A106B1CCAEFB1E55DC7062413F70DA90BE27F0F3DD8B324D05D001E54
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:11:13.398 11f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/23-19:11:13.399 11f0 Recovering log #3.2024/08/23-19:11:13.402 11f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):420
                                                                          Entropy (8bit):5.219170947897643
                                                                          Encrypted:false
                                                                          SSDEEP:12:NPV4vYfYebvqBZFUt88PqJ/+8PLvD5JfYebvqBaJ:NPVKYfYebvyg88Pq/PDVJfYebvL
                                                                          MD5:3F549EF0A85832738D282F0D2A6B4253
                                                                          SHA1:95B836EBB0853CB0E9F204A8045C026C5EA9234F
                                                                          SHA-256:3B4E226F802DFF418554FAD519E5F25F29F7B854990BAEED466B60B8D50B09D5
                                                                          SHA-512:6D80150AA057754989C07FDE59D86856765650BCA6815BF258846EF479804EA2B96C837A106B1CCAEFB1E55DC7062413F70DA90BE27F0F3DD8B324D05D001E54
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:11:13.398 11f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/23-19:11:13.399 11f0 Recovering log #3.2024/08/23-19:11:13.402 11f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):326
                                                                          Entropy (8bit):5.264777998092215
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64WWFG+q2Pwkn23oH+TcwtpIFUt88P642Zmw+8P64Yur3VkwOwkn23oH+Tcwt7:NP7FHvYfYebmFUt88Po/+8PeuR5JfYev
                                                                          MD5:67FA2A09A81009826142067EB93CA26C
                                                                          SHA1:2F007E0B553320D71F67EC9F076E1020E7839648
                                                                          SHA-256:D2B97C80E0D825F2775F63C4B1A2CCA502584B935041C6260928B6C48B24CFE1
                                                                          SHA-512:14730DA02565311741CAA8070B8B0DFCDBF94DF1B497965449214EA2329F22FED0A4E708790498787739B4E1F69147EAC0D2BC95DFAF94914B57C544FC1E09D3
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:56.453 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/23-19:10:56.488 1f88 Recovering log #3.2024/08/23-19:10:56.544 1f88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):326
                                                                          Entropy (8bit):5.264777998092215
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64WWFG+q2Pwkn23oH+TcwtpIFUt88P642Zmw+8P64Yur3VkwOwkn23oH+Tcwt7:NP7FHvYfYebmFUt88Po/+8PeuR5JfYev
                                                                          MD5:67FA2A09A81009826142067EB93CA26C
                                                                          SHA1:2F007E0B553320D71F67EC9F076E1020E7839648
                                                                          SHA-256:D2B97C80E0D825F2775F63C4B1A2CCA502584B935041C6260928B6C48B24CFE1
                                                                          SHA-512:14730DA02565311741CAA8070B8B0DFCDBF94DF1B497965449214EA2329F22FED0A4E708790498787739B4E1F69147EAC0D2BC95DFAF94914B57C544FC1E09D3
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:56.453 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/23-19:10:56.488 1f88 Recovering log #3.2024/08/23-19:10:56.544 1f88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.26707851465859517
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                          MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                          SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                          SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                          SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):131072
                                                                          Entropy (8bit):0.005567161523650777
                                                                          Encrypted:false
                                                                          SSDEEP:3:ImtVx//l/2DgeXlPyE/lUvult:IiVt/iXYEtUy
                                                                          MD5:94679413F709C01AF03CCBEC66403017
                                                                          SHA1:56FA5180984F3378C2750659D92A5AEA5C45540B
                                                                          SHA-256:A537781DB77DB11034F76659D2631D354A63FDE8F89B3246E2D2CF55811CAA5C
                                                                          SHA-512:991C382BD968752E807E47627452A191C00AEA2056E9800A5509D648402273AB0EC156F3E08A3FD1313749812C8300F8A3440BDBCEFBC3C78E9124C1A5480A3B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):184320
                                                                          Entropy (8bit):1.067257639292145
                                                                          Encrypted:false
                                                                          SSDEEP:192:QSqzWMMUfTOnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYPen6:QrzWMffinzkkqtXnTK+hNH+5EVumB
                                                                          MD5:C1926E866A15C7529F451A24922362A2
                                                                          SHA1:7A81206CF84035DB8B3419283F43729A2A675E20
                                                                          SHA-256:04620E933E20E851B766B44588D3779DBF24BD37CC144E5C9D104F536D1ABB88
                                                                          SHA-512:B43EDF5AD974500525E697054AA56EE0B7C6F1CCAF407025CEEDAB66E8D018658AE645E813FC99E3730D6C8B35D84EE3B1F2D3BD6B1D56DD03BC1E78D31B64A4
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                          Category:dropped
                                                                          Size (bytes):14336
                                                                          Entropy (8bit):1.4150603866372211
                                                                          Encrypted:false
                                                                          SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgj2RykrYVudwl2RykrYjxj/:PtSjGhp22iS3f0jAf0d
                                                                          MD5:4CA68E5609B0FB7461D9AD278F0D0060
                                                                          SHA1:E2511E94A3A044A22139CF322C1D2468A32A5C7E
                                                                          SHA-256:FDB411BB8AFCD637574A268E4CD2F4B157BD30B3C511694E3048DD4A9877A8B2
                                                                          SHA-512:7D674146E4BA535AA6D88C6710BB43BDAD1BEF4D8634F67C841D43032C21D6B7C5642AE58137B91A1BBA5D7504C3BB8888ED08EE96CD48DF04E575793640C52A
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):40960
                                                                          Entropy (8bit):0.41235120905181716
                                                                          Encrypted:false
                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):34462
                                                                          Entropy (8bit):5.55822618233903
                                                                          Encrypted:false
                                                                          SSDEEP:768:YO+sUUWPr3fR28F1+UoAYDCx9Tuqh0VfUC9xbog/OV5qhv2rwevmUDdKpEtue:YO+sUUWPr3fR2u1jakwvTevmuJtJ
                                                                          MD5:FF378E8DF48688BA595EAB1A441D439C
                                                                          SHA1:4EDB0F620D6D12A04DDD9AB60F2A19EBE8A2D4E0
                                                                          SHA-256:C7BF664AB41A34FB5999EFFC2DC8AB0F425345420350C7F53150A35453DB34EA
                                                                          SHA-512:48975BBE24A182051023C41F820139CA333247635FFC6AC717BCC4D1DFDF8D6973F4ECBB04EA6A61B5C1D28FE9B5A2871AF5B65F49DE42911E3A8C5AB13FF289
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13368928256046460","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13368928256046460","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11755
                                                                          Entropy (8bit):5.190465908239046
                                                                          Encrypted:false
                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                          Malicious:false
                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13579
                                                                          Entropy (8bit):5.24090035594285
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVcJ9pQTryZiuaba4uyxJwOC3WAPFp1YW3Q8bpj+FbYQAu0L1f:sVcLAJuCJw93PPpUUQ7k
                                                                          MD5:5EA0B8A2523A6643C7AEDC50EAF26F88
                                                                          SHA1:C812EFE0C6A0C72A0EBBE7A3E4082C81B143E01E
                                                                          SHA-256:4F6A88CCAB42D93888F51FE205B39F7F03B5ADCD1DC8F0E664F6DA2F19E60505
                                                                          SHA-512:4133C45E6A8899DAC69C0F4E8C9623710BEC30E92256C14E8BFA9A502566966626A23B5FC07A8D1FC812F1B4E6AA157FC23606F25A8E7197CA95EFA867A5390C
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13368928257348416","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.3410017321959524
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13689
                                                                          Entropy (8bit):5.239200823516053
                                                                          Encrypted:false
                                                                          SSDEEP:192:sVcJ9pQTryZiuaba4uyxJwOC3WAPFp1YW3Q8bpj+FbYQAW0L1f:sVcLAJuCJw93PPpUUQ3k
                                                                          MD5:7500659375888ABBF50C812C557BC8A2
                                                                          SHA1:3E403D77E78EF08C5955BE166D464FCD7CF7CCFC
                                                                          SHA-256:3C39A1ADF2A94232F0F522718CB96A17F8E17AEC720C7E5665D5EF213EED730D
                                                                          SHA-512:3B9160E12EB07A17B5EAF1D31E0712403D153B6E1981B16BBC19C2AF39B2D979F7BE5F0E5CD26765E56726EBED582AF394F4ED5896C4D382D38BDDF2A40D1076
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):16384
                                                                          Entropy (8bit):0.35226517389931394
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.09691305496869185
                                                                          Encrypted:false
                                                                          SSDEEP:6:G9l/Cwu0Il/Cwu+//9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/u:CtFItFFnnnnnnnnnnnnnnpEo
                                                                          MD5:9D704ED5C12871433A40B96FDAB1FDD4
                                                                          SHA1:651E87EF24CE327DF60DA3632B834306D9CDA09A
                                                                          SHA-256:FEA58F2747004D4471AA07FB4A81B79A53380A417BA842DEA7A0EE897E231416
                                                                          SHA-512:DCD89A492FC7194332E9D21EB18C4CBA2E87497448C881521B5B4F358537106FEBC9A7E5A1369185F4C32E021B48969BC89311B952E8BB0523F63674082D72A2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                          Category:dropped
                                                                          Size (bytes):296672
                                                                          Entropy (8bit):1.0133098858441991
                                                                          Encrypted:false
                                                                          SSDEEP:768:cvgE44Gj2jLBxjcUjumjcrjlJwjqCjKVjjCijn:R2AL
                                                                          MD5:7117701E30F622E8660537BEA4A69573
                                                                          SHA1:40ACEF17EBED0A3C30E24667E28D5BB4645422A4
                                                                          SHA-256:2CC59A643F9B1B3C32B495F60212DBE4C503A3934C1C411317FA736834E605D4
                                                                          SHA-512:ED6438334DE3BF253CB6FA0D88B70AA628D9CF3211EC30726902E734A8FB34DD2354879DA5EEC8D6147F840F30C2D61239020395844C8C525B1FCDA022C914C3
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):250
                                                                          Entropy (8bit):3.688891878236998
                                                                          Encrypted:false
                                                                          SSDEEP:3:VVXntjQPEnjQ0V+S/l3seGKT9rcQ6xoIQKUtlTxotlTxotlTxotlTxotlTxotlTy:/XntM+TV+il3sedhOoIQKUuuuuuu
                                                                          MD5:6D57EC27C1677F1B514CAAD8D55DD3F6
                                                                          SHA1:8CE0552411562798BECB2EFF24379BCBD632A671
                                                                          SHA-256:155CD2F0B1ABE1F529FBA251D60908F92E7BF9B71324ADC8C373E46AF6D4CB8B
                                                                          SHA-512:6E813DCB0D738A3ED14C9C2A8D27E7793230BDE00512FDB828D68ACAFF9DEF745B2BA612CDDE98D00BD4923CEF7DABDE1E580666689C82FC69EE7288DB472A71
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):281
                                                                          Entropy (8bit):5.269212216300902
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64ds1wkn23oH+Tcwtfrl2KLlLP64FAOq2Pwkn23oH+TcwtfrK+IFUv:NPzLfYeb1L1PzAOvYfYeb23FUv
                                                                          MD5:B5B1657AD26500ED287F6115A0177FC3
                                                                          SHA1:13011FA2D60A6E7BC46F1472306F914A4CE6E966
                                                                          SHA-256:2485E5480C761C53449DCDE4779BBC9D07B0B487D2728BCA1C07EC76711B510B
                                                                          SHA-512:6F5C62A747201FD42387558F55431E0E78159F34B781B3813B98D1FAAD8715CE03D7CD66EF0ECB00EF2B2F2F36C3C9F05245681CE29D638CD156DC4F4D7DE99C
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:57.354 1f50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/08/23-19:10:57.365 1f50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):617
                                                                          Entropy (8bit):3.9325179151892424
                                                                          Encrypted:false
                                                                          SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                                                          MD5:AD15D72AA4792C14DDD002CED70E8245
                                                                          SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                                                          SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                                                          SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):299
                                                                          Entropy (8bit):5.2137335869565
                                                                          Encrypted:false
                                                                          SSDEEP:6:NP64tqs1wkn23oH+Tcwtfrzs52KLlLP643q2Pwkn23oH+TcwtfrzAdIFUv:NPnqLfYebs9L1P9vYfYeb9FUv
                                                                          MD5:F2F3C8AB316B99F73165FE055C17AF48
                                                                          SHA1:787978409172416B265DE0F87FE8DA04962DEBC9
                                                                          SHA-256:3571B291A1D4DB2FD95D16E5772F304CDB0D32319F42A87E99154D9E62A0CEEA
                                                                          SHA-512:4FD02599CC5855A07B7A17540EA0B0F06B523AD3F95F41A292A07A672D082090C384A384AD852858E68E8E0880B4D45E77792884706E37D1ACA2C18D89F8D728
                                                                          Malicious:false
                                                                          Preview:2024/08/23-19:10:57.351 1f50 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/08/23-19:10:57.358 1f50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNl/duX:Ls3/0
                                                                          MD5:5B1DA40461DB90638B1BD9B2C85FC9FB
                                                                          SHA1:AFE3BB6BB6FFFF4164E9B2F1BD2F44F42BD5E68B
                                                                          SHA-256:7683DA66DFCFA870C5CA38429464D4654ABAFD1465A3547B275D9166303DA970
                                                                          SHA-512:AA1A463D3CC87CF46C8F7122B2E1C18D92B6684D3A520073967A4920F45FCFFB69454035E75F1D5FB5BB63AB72615BCCF187C94E1D648D8C14D357BB7AF998A8
                                                                          Malicious:false
                                                                          Preview:.........................................O.+.~/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlX//:Ls3v
                                                                          MD5:F3EB105D2ADB3DD274C4FB3FA376AB27
                                                                          SHA1:406E12BF9DE275104DE275AB582AFE76688F29A2
                                                                          SHA-256:4FCEC8C7D8C377C66314104A031B306B86B453315D1AC496FF4256B50E488F21
                                                                          SHA-512:D33A84B91F6B3D245A5A75FCD4778204D0B2B90B87A0B8BCBD782D1B39CDCF789667AD6123F8A5B2E72B45729364595A6940AD44827D916E61E808A6E55B6B75
                                                                          Malicious:false
                                                                          Preview:........................................$F.+.~/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):120
                                                                          Entropy (8bit):3.32524464792714
                                                                          Encrypted:false
                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                          Malicious:false
                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):13
                                                                          Entropy (8bit):2.7192945256669794
                                                                          Encrypted:false
                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                          Malicious:false
                                                                          Preview:117.0.2045.47
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.794928566978235
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfOvff5ih/cI9URLl8RotolMFVvlwhne4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akmYeiRUyhZ6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:8020D99949F9B2E289A8A479CAF6894C
                                                                          SHA1:8FDFCDFE6C17394842B754D8AC1A418307E87E4B
                                                                          SHA-256:3147AE078891464E375F14C8E3C84FC340ADA7A0E2C34D7253FCE6BC49992025
                                                                          SHA-512:4BD62C9D8D024B787EA752D8DC7482E1AA2DAE67787DEF7AE87A9820F7BF9BB67B740B56C8880E169413A31128510B2DCB0CA494798D495C73029BE3685E4281
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABQ5jNOkPWgQYjUYMNQRKH/EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAysOs8XKTgHaP+CnVCG2FTuCoiGYT7OMUu3HTIGcsPmQAAAAA
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.5963118027796015
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                          MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                          SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                          SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                          SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.01057775872642915
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsFl:/F
                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):8.280239615765425E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.011852361981932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsHlDll:/H
                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8192
                                                                          Entropy (8bit):0.012340643231932763
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsGl3ll:/y
                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                          Category:dropped
                                                                          Size (bytes):262512
                                                                          Entropy (8bit):9.553120663130604E-4
                                                                          Encrypted:false
                                                                          SSDEEP:3:LsNlm/:Ls3m
                                                                          MD5:585B0AFE65C16D4FCACE5DAE7EA10F0D
                                                                          SHA1:121A83F6387A8444FAAF8E02D0913CF358CDEA81
                                                                          SHA-256:AC47C77618A7ADFE207DD9BD973C74C4F6ACFF7DAEA79AC82406562F60A70A62
                                                                          SHA-512:05D4204FC397012E4933857E8C18FBB1AE98632600BBFA48D564FEFEC4A9A316EE1786CE3544EDC7E75E9B179407C888D840C1D8F92D4E47D10FAA3AF59A3EFB
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):47
                                                                          Entropy (8bit):4.3818353308528755
                                                                          Encrypted:false
                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                          Malicious:false
                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):35
                                                                          Entropy (8bit):4.014438730983427
                                                                          Encrypted:false
                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                          Malicious:false
                                                                          Preview:{"forceServiceDetermination":false}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):29
                                                                          Entropy (8bit):3.922828737239167
                                                                          Encrypted:false
                                                                          SSDEEP:3:2NGw+K+:fwZ+
                                                                          MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                          Malicious:false
                                                                          Preview:customSynchronousLookupUris_0
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35302
                                                                          Entropy (8bit):7.99333285466604
                                                                          Encrypted:true
                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):18
                                                                          Entropy (8bit):3.5724312513221195
                                                                          Encrypted:false
                                                                          SSDEEP:3:kDnaV6bVon:kDYa2
                                                                          MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                          Malicious:false
                                                                          Preview:edgeSettings_2.0-0
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3581
                                                                          Entropy (8bit):4.459693941095613
                                                                          Encrypted:false
                                                                          SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                          MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                          Malicious:false
                                                                          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):47
                                                                          Entropy (8bit):4.493433469104717
                                                                          Encrypted:false
                                                                          SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                          MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                          Malicious:false
                                                                          Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35302
                                                                          Entropy (8bit):7.99333285466604
                                                                          Encrypted:true
                                                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):50
                                                                          Entropy (8bit):3.9904355005135823
                                                                          Encrypted:false
                                                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                          Malicious:false
                                                                          Preview:topTraffic_170540185939602997400506234197983529371
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):575056
                                                                          Entropy (8bit):7.999649474060713
                                                                          Encrypted:true
                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):86
                                                                          Entropy (8bit):4.389669793590032
                                                                          Encrypted:false
                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                                          MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                                          SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                                          SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                                          SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                                          Malicious:false
                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):8321
                                                                          Entropy (8bit):5.78943864381359
                                                                          Encrypted:false
                                                                          SSDEEP:192:fsNwmKeiRUt5jGkMw6qRAq1k8SPxVLZ7VTiQ:fsNwH4NVMw6q3QxVNZTiQ
                                                                          MD5:7C9C34A9E645A2114930C1EA0AEA0A13
                                                                          SHA1:8D99BBB11C255B1EDDA71057B9F284CB71680AE5
                                                                          SHA-256:B38D71AF89AD5E7E978A4D4FE60C75FF766703D46C1C844FF9B478B545B3B709
                                                                          SHA-512:2FCCA286D8F770BD087CFE5C9CCBF57751369F079E77B7BE45396B685510A352A78EE9380879007C443861BC3B32B7CDCEC32DAC5932CF52641ECD5CA163791C
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):24007
                                                                          Entropy (8bit):6.05036445477046
                                                                          Encrypted:false
                                                                          SSDEEP:384:FtM7XKnG7EtlXrjYJUoLUJqHsdZsJHaVsNwh0lAxtMcMkX4Rm336kVvt6wo:PM7X2zt1jKYqHkZeM1WSxGcMkX4R836/
                                                                          MD5:49214D0425DF8CAE0B6C466744739FF3
                                                                          SHA1:4BBE353DCF59EA6144A023A6EA65BE64BE73F4A1
                                                                          SHA-256:915B64FAF4B43A0424885371467FF3FE64247137F25D15C0B8D2E2B747BEE469
                                                                          SHA-512:736C13A90FFE3566572BBDEA5FFB5F526ABE32CC162B9A673B54F662A660B56CFB1E98BAD46E43261BCBE369C1B37E88B05A91CBF284E6F559DB12EB56F707C5
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13368928257611696","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):25093
                                                                          Entropy (8bit):6.032244489799757
                                                                          Encrypted:false
                                                                          SSDEEP:768:PM7X2zt1jKYqHkZeQ1WSnCVM04R836kJt6y:PMSzvKYqsX1h436ct6y
                                                                          MD5:AD8592B20374123FED2C78F8CFBFEF0D
                                                                          SHA1:2F9B72F7590A7634883027E68E8CD371C5532D68
                                                                          SHA-256:3768E61CA0DDD178070DEEB585F762DBEE8D631B9BBAFFCA4807CB7C58862730
                                                                          SHA-512:93C1933AAF55741E33E553ABD08ACD6875861E6D567B834136F5E42897123454E4E025E4D273E20C9C9A9EA51AD0B419D347266EC460E1EF40CF2E7C572A5420
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13368928257611696","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6820
                                                                          Entropy (8bit):5.794928566978235
                                                                          Encrypted:false
                                                                          SSDEEP:96:iaqkHfOvff5ih/cI9URLl8RotolMFVvlwhne4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akmYeiRUyhZ6qRAq1k8SPxVLZ7VTiq
                                                                          MD5:8020D99949F9B2E289A8A479CAF6894C
                                                                          SHA1:8FDFCDFE6C17394842B754D8AC1A418307E87E4B
                                                                          SHA-256:3147AE078891464E375F14C8E3C84FC340ADA7A0E2C34D7253FCE6BC49992025
                                                                          SHA-512:4BD62C9D8D024B787EA752D8DC7482E1AA2DAE67787DEF7AE87A9820F7BF9BB67B740B56C8880E169413A31128510B2DCB0CA494798D495C73029BE3685E4281
                                                                          Malicious:false
                                                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABQ5jNOkPWgQYjUYMNQRKH/EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAysOs8XKTgHaP+CnVCG2FTuCoiGYT7OMUu3HTIGcsPmQAAAAA
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):22965
                                                                          Entropy (8bit):6.047301354108188
                                                                          Encrypted:false
                                                                          SSDEEP:384:FtM7XKnG7EtlXrjYJUoLUJqHsdZsJHaVsNwh0lACVM04Rm336kVvt6wN:PM7X2zt1jKYqHkZeM1WSCVM04R836kJf
                                                                          MD5:7A9C47D3D8CB89AEC39AB4B2688CD4D4
                                                                          SHA1:EA48774EBE4D110B2C09A85AF1E4F55956843A3B
                                                                          SHA-256:32259F5E24C6767C4F43ABEB7BB5FFB47A8E8E4AC5AF478D1E38DA6F2A1961A8
                                                                          SHA-512:7DA29F094B06BA4C920F247115B342C0973908845A2D9ED3FAFCCC97BC0CFF4D2DEF53C6A8658BB420DD60C508DB4B45EF117F35B512C38D8CC108BA37BF0E83
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13368928257611696","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):2278
                                                                          Entropy (8bit):3.843915629208627
                                                                          Encrypted:false
                                                                          SSDEEP:48:uiTrlKxrgx69xl9Il8umZ8L3hafHj8vVynG9d1rc:mRZYQZ8LUHDGG
                                                                          MD5:239C95FDD9B41FB1F90F9FD17217E6A8
                                                                          SHA1:EC944A9B7D8F1B9BFE51BB511AC5F4FBB1B3CAD8
                                                                          SHA-256:43DE90A8721BFBD440DA782C39DBDAA28900E0421EE8EA42CF98C8088A9BD773
                                                                          SHA-512:AA94C7F35CD6CDFBF09B700F47689F2BE6CC6387F93D9AD866060EA00C6B4AA7895714A20BECB2A1CC3D023CD69AD4E7F063CB6EEAB224FB96B677045DD5C6D2
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.F.g.D.G.r.r.1.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.U.O.Y.z.T.p.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4622
                                                                          Entropy (8bit):4.000993256114747
                                                                          Encrypted:false
                                                                          SSDEEP:96:I9YJ0ka7HC8nUx/hwUqvP2XFprvBNSi2vr:I9EaO8X2V1vbSB
                                                                          MD5:C9A5A4E5A0D766DC6FD993B6FB2EDF44
                                                                          SHA1:6BB7856758158F3687F92BB21A316B859D476D11
                                                                          SHA-256:2F9A18A3C737699D200D15AF9150FA42CE727AA54723CED5BBC9DAD7D0904414
                                                                          SHA-512:2178A8A8E43A10A0B30E98085D2159E7D5353675BB1AAE874AF93D38DA0479DD8262EA2FE591D98A4C749518402655249BE7F6D3B7CF30DE462DC113B0A12369
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".O.H.m.Q./.7.H.1.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.U.O.Y.z.T.p.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                          Category:dropped
                                                                          Size (bytes):206855
                                                                          Entropy (8bit):7.983996634657522
                                                                          Encrypted:false
                                                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                          MD5:788DF0376CE061534448AA17288FEA95
                                                                          SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                          SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                          SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                          Category:dropped
                                                                          Size (bytes):76319
                                                                          Entropy (8bit):7.996132588300074
                                                                          Encrypted:true
                                                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                          MD5:24439F0E82F6A60E541FB2697F02043F
                                                                          SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                          SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                          SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 245064
                                                                          Category:dropped
                                                                          Size (bytes):480467
                                                                          Entropy (8bit):7.998196206572721
                                                                          Encrypted:true
                                                                          SSDEEP:12288:ebuUfUlncF8P9BzK6of3gHRiW4Gbah5FmMqSVKJL10ZeJ2I+:qugUGFMGaGGWbrqSVKJLOZeM
                                                                          MD5:656AEDB3EFA66523AACD53C02E19AEC7
                                                                          SHA1:3E84DFC01206F6C54B2948A815C47DC6FDC04F0C
                                                                          SHA-256:BFD8856EC7AE0D9D5346E9A456CA0521FA154DB70D8029AF27C67404D0865661
                                                                          SHA-512:2EDF2B34F9CC98524CCD768700E3F491FC8DBB910673C7AFEDBDFA918D26E0A4F63F33FD5D49C9B33EA739F5E95AA932C5193DB2FA0FD1846B26169EF496B465
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):353
                                                                          Entropy (8bit):5.3522629967091735
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEvMeiiDqu56s/uvMe28A+jqGLQJjDrwv/uvMeMeY0OQfL56s/C:YgMeFj56s/KMefjqGL0Dkv/KMepY0OKC
                                                                          MD5:C9A93D2FEA832A66C0F34A703830CBAC
                                                                          SHA1:56D1C6BDEEB52CF9B1B22AD201FEDA1F667E9311
                                                                          SHA-256:2CB63061DA453B5E5633F45D9C1C5EA009952AD75976549E139E2E59581D2EB8
                                                                          SHA-512:A6DC403A41D53D0A2DB603B8A287B918CAAA9AAEABCE25F23F6E5D8AA07FAFF470E8612C8D501712378334F41C87A661559B042202BE57CDA216AEB44B8A652F
                                                                          Malicious:false
                                                                          Preview:{"logTime": "0823/231103", "correlationVector":"jFaTW8xb5d6DvTBBQ2HSj2","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0823/231103", "correlationVector":"01AFFF2DFF6B4E8CA2319C9BEB772F6F","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0823/231103", "correlationVector":"kIl/qufiou9+44FtzgvkuF","action":"EXTENSION_UPDATER", "result":""}.
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.4593089050301797
                                                                          Encrypted:false
                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                          Malicious:false
                                                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):4982
                                                                          Entropy (8bit):7.929761711048726
                                                                          Encrypted:false
                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):908
                                                                          Entropy (8bit):4.512512697156616
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1285
                                                                          Entropy (8bit):4.702209356847184
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1244
                                                                          Entropy (8bit):4.5533961615623735
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.867640976960053
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3107
                                                                          Entropy (8bit):3.535189746470889
                                                                          Encrypted:false
                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1389
                                                                          Entropy (8bit):4.561317517930672
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1763
                                                                          Entropy (8bit):4.25392954144533
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):930
                                                                          Entropy (8bit):4.569672473374877
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):913
                                                                          Entropy (8bit):4.947221919047
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):806
                                                                          Entropy (8bit):4.815663786215102
                                                                          Encrypted:false
                                                                          SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                          MD5:A86407C6F20818972B80B9384ACFBBED
                                                                          SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                          SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                          SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):883
                                                                          Entropy (8bit):4.5096240460083905
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                          MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                          SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                          SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                          SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1031
                                                                          Entropy (8bit):4.621865814402898
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                          MD5:D116453277CC860D196887CEC6432FFE
                                                                          SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                          SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                          SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1613
                                                                          Entropy (8bit):4.618182455684241
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                          MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                          SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                          SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                          SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):851
                                                                          Entropy (8bit):4.4858053753176526
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):851
                                                                          Entropy (8bit):4.4858053753176526
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):848
                                                                          Entropy (8bit):4.494568170878587
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1425
                                                                          Entropy (8bit):4.461560329690825
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                          Malicious:false
                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):961
                                                                          Entropy (8bit):4.537633413451255
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):959
                                                                          Entropy (8bit):4.570019855018913
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                          MD5:535331F8FB98894877811B14994FEA9D
                                                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):968
                                                                          Entropy (8bit):4.633956349931516
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                          MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                          SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                          SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                          SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):838
                                                                          Entropy (8bit):4.4975520913636595
                                                                          Encrypted:false
                                                                          SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                          MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                          SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                          SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                          SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1305
                                                                          Entropy (8bit):4.673517697192589
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                          MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                          SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                          SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                          SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):911
                                                                          Entropy (8bit):4.6294343834070935
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                          MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                          SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                          SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                          SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):939
                                                                          Entropy (8bit):4.451724169062555
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                          MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                          SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                          SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                          SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.622066056638277
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                          MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                          SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                          SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                          SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):972
                                                                          Entropy (8bit):4.621319511196614
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                          MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                          SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                          SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                          SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):990
                                                                          Entropy (8bit):4.497202347098541
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                          MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                          SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                          SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                          SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1658
                                                                          Entropy (8bit):4.294833932445159
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                          MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                          SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                          SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                          SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1672
                                                                          Entropy (8bit):4.314484457325167
                                                                          Encrypted:false
                                                                          SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                          MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                          SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                          SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                          SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):935
                                                                          Entropy (8bit):4.6369398601609735
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                          MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                          SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                          SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                          SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1065
                                                                          Entropy (8bit):4.816501737523951
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                          MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                          SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                          SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                          SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2771
                                                                          Entropy (8bit):3.7629875118570055
                                                                          Encrypted:false
                                                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):858
                                                                          Entropy (8bit):4.474411340525479
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):954
                                                                          Entropy (8bit):4.631887382471946
                                                                          Encrypted:false
                                                                          SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                          MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                          SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                          SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                          SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):899
                                                                          Entropy (8bit):4.474743599345443
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2230
                                                                          Entropy (8bit):3.8239097369647634
                                                                          Encrypted:false
                                                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1160
                                                                          Entropy (8bit):5.292894989863142
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3264
                                                                          Entropy (8bit):3.586016059431306
                                                                          Encrypted:false
                                                                          SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                          MD5:83F81D30913DC4344573D7A58BD20D85
                                                                          SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                          SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                          SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3235
                                                                          Entropy (8bit):3.6081439490236464
                                                                          Encrypted:false
                                                                          SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                          MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                          SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                          SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                          SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3122
                                                                          Entropy (8bit):3.891443295908904
                                                                          Encrypted:false
                                                                          SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                          MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                          SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                          SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                          SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1880
                                                                          Entropy (8bit):4.295185867329351
                                                                          Encrypted:false
                                                                          SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                          MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                          SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                          SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                          SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1042
                                                                          Entropy (8bit):5.3945675025513955
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                          MD5:F3E59EEEB007144EA26306C20E04C292
                                                                          SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                          SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                          SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2535
                                                                          Entropy (8bit):3.8479764584971368
                                                                          Encrypted:false
                                                                          SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                          MD5:E20D6C27840B406555E2F5091B118FC5
                                                                          SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                          SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                          SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1028
                                                                          Entropy (8bit):4.797571191712988
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                          MD5:970544AB4622701FFDF66DC556847652
                                                                          SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                          SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                          SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):994
                                                                          Entropy (8bit):4.700308832360794
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                          MD5:A568A58817375590007D1B8ABCAEBF82
                                                                          SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                          SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                          SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2091
                                                                          Entropy (8bit):4.358252286391144
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                          MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                          SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                          SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                          SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2778
                                                                          Entropy (8bit):3.595196082412897
                                                                          Encrypted:false
                                                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1719
                                                                          Entropy (8bit):4.287702203591075
                                                                          Encrypted:false
                                                                          SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                          MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                          SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                          SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                          SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):936
                                                                          Entropy (8bit):4.457879437756106
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3830
                                                                          Entropy (8bit):3.5483353063347587
                                                                          Encrypted:false
                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1898
                                                                          Entropy (8bit):4.187050294267571
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.513485418448461
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):878
                                                                          Entropy (8bit):4.4541485835627475
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2766
                                                                          Entropy (8bit):3.839730779948262
                                                                          Encrypted:false
                                                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):978
                                                                          Entropy (8bit):4.879137540019932
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                          MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                          SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                          SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                          SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):907
                                                                          Entropy (8bit):4.599411354657937
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.604761241355716
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):937
                                                                          Entropy (8bit):4.686555713975264
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                          MD5:BED8332AB788098D276B448EC2B33351
                                                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1337
                                                                          Entropy (8bit):4.69531415794894
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2846
                                                                          Entropy (8bit):3.7416822879702547
                                                                          Encrypted:false
                                                                          SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                          MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                          SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                          SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                          SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):934
                                                                          Entropy (8bit):4.882122893545996
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                          MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                          SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                          SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                          SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):963
                                                                          Entropy (8bit):4.6041913416245
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                          MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                          SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                          SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                          SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1320
                                                                          Entropy (8bit):4.569671329405572
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                          MD5:7F5F8933D2D078618496C67526A2B066
                                                                          SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                          SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                          SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):884
                                                                          Entropy (8bit):4.627108704340797
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                          MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                          SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                          SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                          SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):980
                                                                          Entropy (8bit):4.50673686618174
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                          MD5:D0579209686889E079D87C23817EDDD5
                                                                          SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                          SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                          SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1941
                                                                          Entropy (8bit):4.132139619026436
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                          MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                          SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                          SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                          SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1969
                                                                          Entropy (8bit):4.327258153043599
                                                                          Encrypted:false
                                                                          SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                          MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                          SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                          SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                          SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1674
                                                                          Entropy (8bit):4.343724179386811
                                                                          Encrypted:false
                                                                          SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                          MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                          SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                          SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                          SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1063
                                                                          Entropy (8bit):4.853399816115876
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                          MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                          SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                          SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                          SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1333
                                                                          Entropy (8bit):4.686760246306605
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                          MD5:970963C25C2CEF16BB6F60952E103105
                                                                          SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                          SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                          SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1263
                                                                          Entropy (8bit):4.861856182762435
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                          MD5:8B4DF6A9281333341C939C244DDB7648
                                                                          SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                          SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                          SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1074
                                                                          Entropy (8bit):5.062722522759407
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                          MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                          SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                          SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                          SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):879
                                                                          Entropy (8bit):5.7905809868505544
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1205
                                                                          Entropy (8bit):4.50367724745418
                                                                          Encrypted:false
                                                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):843
                                                                          Entropy (8bit):5.76581227215314
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):912
                                                                          Entropy (8bit):4.65963951143349
                                                                          Encrypted:false
                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):11280
                                                                          Entropy (8bit):5.754230909218899
                                                                          Encrypted:false
                                                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                          MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                          SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                          SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                          SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                          Malicious:false
                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):854
                                                                          Entropy (8bit):4.284628987131403
                                                                          Encrypted:false
                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                          Malicious:false
                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2525
                                                                          Entropy (8bit):5.417689528134667
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                          MD5:10FF8E5B674311683D27CE1879384954
                                                                          SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                          SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                          SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                          Malicious:false
                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:HTML document, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):97
                                                                          Entropy (8bit):4.862433271815736
                                                                          Encrypted:false
                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                          Malicious:false
                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):95567
                                                                          Entropy (8bit):5.4016395763198135
                                                                          Encrypted:false
                                                                          SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                          MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                          SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                          SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                          SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):291
                                                                          Entropy (8bit):4.65176400421739
                                                                          Encrypted:false
                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                          Malicious:false
                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):103988
                                                                          Entropy (8bit):5.389407461078688
                                                                          Encrypted:false
                                                                          SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                          MD5:EA946F110850F17E637B15CF22B82837
                                                                          SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                          SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                          SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1753
                                                                          Entropy (8bit):5.8889033066924155
                                                                          Encrypted:false
                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):9815
                                                                          Entropy (8bit):6.1716321262973315
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):10388
                                                                          Entropy (8bit):6.174387413738973
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):962
                                                                          Entropy (8bit):5.698567446030411
                                                                          Encrypted:false
                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                          Malicious:false
                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                          Category:dropped
                                                                          Size (bytes):453023
                                                                          Entropy (8bit):7.997718157581587
                                                                          Encrypted:true
                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                          MD5:85430BAED3398695717B0263807CF97C
                                                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                          Malicious:false
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):24
                                                                          Entropy (8bit):3.91829583405449
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                          Malicious:false
                                                                          Preview:{"schema":6,"addons":[]}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                          Category:dropped
                                                                          Size (bytes):66
                                                                          Entropy (8bit):4.837595020998689
                                                                          Encrypted:false
                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                          Malicious:false
                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):36830
                                                                          Entropy (8bit):5.185924656884556
                                                                          Encrypted:false
                                                                          SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                          MD5:5656BA69BD2966108A461AAE35F60226
                                                                          SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                          SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                          SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                          Malicious:false
                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):36830
                                                                          Entropy (8bit):5.185924656884556
                                                                          Encrypted:false
                                                                          SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                          MD5:5656BA69BD2966108A461AAE35F60226
                                                                          SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                          SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                          SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                          Malicious:false
                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021904
                                                                          Entropy (8bit):6.648417932394748
                                                                          Encrypted:false
                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: file.exe, Detection: malicious
                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):116
                                                                          Entropy (8bit):4.968220104601006
                                                                          Encrypted:false
                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                          Malicious:false
                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11292
                                                                          Entropy (8bit):5.5289342473722884
                                                                          Encrypted:false
                                                                          SSDEEP:192:NnaRtZYbBp6ihj4qyaaX26KoKkfGNBw8rYSl:Megq+/Pcwp0
                                                                          MD5:A10412EC0F4D6EA75B739D1791B961D5
                                                                          SHA1:F436549CCA0471C6E8A643BDDE86771EE9CA9E06
                                                                          SHA-256:C70D788367E79E740ABD15D899B5FF5CE3437DB87E5437BCA486A93672BF6154
                                                                          SHA-512:B6CEAE4CDE18D32EE1F9A9DB8B5203C0D802AB3FED96BF1AE238E665F56E836EF7D66712AECC3818D8A6B6E0376261A7FE68FAE7AB42AC7FF33F2C791E6CCD76
                                                                          Malicious:false
                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1724461409);..user_pref("app.update.lastUpdateTime.background-update-timer", 1724461409);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):493
                                                                          Entropy (8bit):4.959370330584445
                                                                          Encrypted:false
                                                                          SSDEEP:12:YZFge9XeASPIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YvXeDPSlCOlZGV1AQIWZcy6Z2d
                                                                          MD5:383B73AF8BFBB51E4B23572D47CC2A20
                                                                          SHA1:5381E6EFFF1734AF178B4E3D88FD540D67E98DEC
                                                                          SHA-256:7AC840BA667B3B12729873601E54B6D9FB33BDD9E01CC90316C07E86F4BDD007
                                                                          SHA-512:7062C63A0C640AF60739A31F116A5BD70BAB6F6FA09EBE986FEB2B2CC3171D0B7707A69A0513CE9E66F3C189145DFD2C21A7E8CF03BDC41E2BDD45A0D42C0DEC
                                                                          Malicious:false
                                                                          Preview:{"type":"health","id":"18f3eda7-459f-45f3-9ed6-d8d3e8279e0d","creationDate":"2024-08-24T01:04:01.605Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):493
                                                                          Entropy (8bit):4.959370330584445
                                                                          Encrypted:false
                                                                          SSDEEP:12:YZFge9XeASPIVHlW8cOlZGV1AQIYzvZcyBuLZ2d:YvXeDPSlCOlZGV1AQIWZcy6Z2d
                                                                          MD5:383B73AF8BFBB51E4B23572D47CC2A20
                                                                          SHA1:5381E6EFFF1734AF178B4E3D88FD540D67E98DEC
                                                                          SHA-256:7AC840BA667B3B12729873601E54B6D9FB33BDD9E01CC90316C07E86F4BDD007
                                                                          SHA-512:7062C63A0C640AF60739A31F116A5BD70BAB6F6FA09EBE986FEB2B2CC3171D0B7707A69A0513CE9E66F3C189145DFD2C21A7E8CF03BDC41E2BDD45A0D42C0DEC
                                                                          Malicious:false
                                                                          Preview:{"type":"health","id":"18f3eda7-459f-45f3-9ed6-d8d3e8279e0d","creationDate":"2024-08-24T01:04:01.605Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c"}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):53
                                                                          Entropy (8bit):4.136624295551173
                                                                          Encrypted:false
                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                          MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                          SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                          SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                          SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                          Malicious:false
                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                          Category:dropped
                                                                          Size (bytes):271
                                                                          Entropy (8bit):5.48925987822214
                                                                          Encrypted:false
                                                                          SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3SIgCKTFntVnTJNzdDdCQ:vLz2S+EWDDoWqC+bfPK34z5Fd9
                                                                          MD5:58AF6DC8E28BDCA46176F93B2FCB7E38
                                                                          SHA1:829BEA14CC75322F59D7691F901C6BF96141F681
                                                                          SHA-256:BC7BD41974B1D60BE0B31FE84D814744C756645F84376BE33F8DA7AD26971574
                                                                          SHA-512:E9ED9F8C4C4027FA062FEDE9103AC130936164C37074116DCADA7CC62ADADA8FDB511730870030D4035AFD18C00875995FA3BCB77DAC5CC1422F212BBA67A131
                                                                          Malicious:false
                                                                          Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1724461397985,"startTim...#78710,"recentCrashes":0},"global":{},"cookies":[]}
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Entropy (8bit):6.579596853199439
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:file.exe
                                                                          File size:917'504 bytes
                                                                          MD5:a073a6e8e7c3ad781692b1605f258fd1
                                                                          SHA1:fcf2a781f0161fee17d557329e8817d6f6038749
                                                                          SHA256:f01a9a5bf10d65ce8fab82786c9d972c441037392fdef2b0cb12609033454316
                                                                          SHA512:a4aa964776af91b664e190deb592938a69ae9113fc19e60b3cc1006044e337b60a33a287964096ef50a482616efecc98a5b38b6f9085be727ca0bf8ef9ac2be2
                                                                          SSDEEP:12288:6qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgavTz:6qDEvCTbMWu7rQYlBQcBiT6rprG8aLz
                                                                          TLSH:B8159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                          Icon Hash:aaf3e3e3938382a0
                                                                          Entrypoint:0x420577
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x66C90F16 [Fri Aug 23 22:37:10 2024 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:5
                                                                          OS Version Minor:1
                                                                          File Version Major:5
                                                                          File Version Minor:1
                                                                          Subsystem Version Major:5
                                                                          Subsystem Version Minor:1
                                                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                                                          Instruction
                                                                          call 00007F9DB4E002A3h
                                                                          jmp 00007F9DB4DFFBAFh
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007F9DB4DFFD8Dh
                                                                          mov dword ptr [esi], 0049FDF0h
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                                          mov dword ptr [ecx], 0049FDF0h
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007F9DB4DFFD5Ah
                                                                          mov dword ptr [esi], 0049FE0Ch
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                                          mov dword ptr [ecx], 0049FE0Ch
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          and dword ptr [eax], 00000000h
                                                                          and dword ptr [eax+04h], 00000000h
                                                                          push eax
                                                                          mov eax, dword ptr [ebp+08h]
                                                                          add eax, 04h
                                                                          push eax
                                                                          call 00007F9DB4E0294Dh
                                                                          pop ecx
                                                                          pop ecx
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          lea eax, dword ptr [ecx+04h]
                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                          push eax
                                                                          call 00007F9DB4E02998h
                                                                          pop ecx
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          push eax
                                                                          call 00007F9DB4E02981h
                                                                          test byte ptr [ebp+08h], 00000001h
                                                                          pop ecx
                                                                          Programming Language:
                                                                          • [ C ] VS2008 SP1 build 30729
                                                                          • [IMP] VS2008 SP1 build 30729
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xc8e64          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xd4000          0x94fc        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xde000          0x7594        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xb0ff0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0xc3400          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xb1010          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x9c000          0x894         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type                                    Entropy             Characteristics
.text   0x1000           0x9ab1d       0x9ac00   0a1473f3064dcbc32ef93c5c8a90f3a6  False     0.565500681542811    data                                         6.668273581389308   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x9c000          0x2fb82       0x2fc00   c9cf2468b60bf4f80f136ed54b3989fb  False     0.35289185209424084  data                                         5.691811547483722   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xcc000          0x706c        0x4800    53b9025d545d65e23295e30afdbd16d9  False     0.04356553819444445  DOS executable (block device driver @\273\)  0.5846666986982398  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0xd4000          0x94fc        0x9600    045a1dd627deb6d6c900de864825b15d  False     0.28098958333333335  data                                         5.161101910272883   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xde000          0x7594        0x7600    c68ee8931a32d45eb82dc450ee40efc3  False     0.7628111758474576   data                                         6.7972128181359786  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                                                 Language  Country        ZLIB Complexity
RT_ICON        0xd45a8  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 192                       English   Great Britain  0.7466216216216216
RT_ICON        0xd46d0  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors  English   Great Britain  0.3277027027027027
RT_ICON        0xd47f8  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 192                       English   Great Britain  0.3885135135135135
RT_ICON        0xd4920  0x2e8   Device independent bitmap graphic, 32 x 64 x 4, image size 0                         English   Great Britain  0.3333333333333333
RT_ICON        0xd4c08  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 0                         English   Great Britain  0.5
RT_ICON        0xd4d30  0xea8   Device independent bitmap graphic, 48 x 96 x 8, image size 0                         English   Great Britain  0.2835820895522388
RT_ICON        0xd5bd8  0x8a8   Device independent bitmap graphic, 32 x 64 x 8, image size 0                         English   Great Britain  0.37906137184115524
RT_ICON        0xd6480  0x568   Device independent bitmap graphic, 16 x 32 x 8, image size 0                         English   Great Britain  0.23699421965317918
RT_ICON        0xd69e8  0x25a8  Device independent bitmap graphic, 48 x 96 x 32, image size 0                        English   Great Britain  0.13858921161825727
RT_ICON        0xd8f90  0x10a8  Device independent bitmap graphic, 32 x 64 x 32, image size 0                        English   Great Britain  0.25070356472795496
RT_ICON        0xda038  0x468   Device independent bitmap graphic, 16 x 32 x 32, image size 0                        English   Great Britain  0.3173758865248227
RT_MENU        0xda4a0  0x50    data                                                                                 English   Great Britain  0.9
RT_STRING      0xda4f0  0x594   data                                                                                 English   Great Britain  0.3333333333333333
RT_STRING      0xdaa84  0x68a   data                                                                                 English   Great Britain  0.2735961768219833
RT_STRING      0xdb110  0x490   data                                                                                 English   Great Britain  0.3715753424657534
RT_STRING      0xdb5a0  0x5fc   data                                                                                 English   Great Britain  0.3087467362924282
RT_STRING      0xdbb9c  0x65c   data                                                                                 English   Great Britain  0.34336609336609336
RT_STRING      0xdc1f8  0x466   data                                                                                 English   Great Britain  0.3605683836589698
RT_STRING      0xdc660  0x158   Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0                     English   Great Britain  0.502906976744186
RT_RCDATA      0xdc7b8  0x7c2   data                                                                                                          1.0055387713997985
RT_GROUP_ICON  0xdcf7c  0x76    data                                                                                 English   Great Britain  0.6610169491525424
RT_GROUP_ICON  0xdcff4  0x14    data                                                                                 English   Great Britain  1.25
RT_GROUP_ICON  0xdd008  0x14    data                                                                                 English   Great Britain  1.15
RT_GROUP_ICON  0xdd01c  0x14    data                                                                                 English   Great Britain  1.25
RT_VERSION     0xdd030  0xdc    data                                                                                 English   Great Britain  0.6181818181818182
RT_MANIFEST    0xdd10c  0x3ef   ASCII text, with CRLF line terminators                                               English   Great Britain  0.5074478649453823
DLL           Import
WSOCK32.dll   gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll   GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll     timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll  ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll       WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll   HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL     GetProcessMemoryInfo
IPHLPAPI.DLL  IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll   DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll   IsThemeActive
KERNEL32.dll  DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll    GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll     EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll  GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll  GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll   DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll     CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll  CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system  Country where language is spoken  Map
English                         Great Britain
                                                                          Aug 24, 2024 01:11:01.995438099 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:01.995467901 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:01.995471954 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:01.995482922 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:01.995527029 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:01.999196053 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:01.999243021 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:01.999250889 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.006105900 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.006185055 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.006195068 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.011795998 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.011864901 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.011873960 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.018017054 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.018196106 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.018204927 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.024435997 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.024521112 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.024528980 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.030452967 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.030554056 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.030560970 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.036618948 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.036681890 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.036691904 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.042958975 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.043087959 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.043095112 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.048152924 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.048202991 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.048212051 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.054011106 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.054078102 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.054086924 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.058708906 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.058968067 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.058975935 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.064070940 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.064142942 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.064151049 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.070036888 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.070103884 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.070111990 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.075750113 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.076185942 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.076193094 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.086180925 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.086234093 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.086241007 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.086344004 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.086394072 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.086400986 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.086772919 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.086817026 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.086823940 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.089942932 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.089987040 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.089994907 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.093580008 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.093624115 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.093631983 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.097044945 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.097131014 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.097138882 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.100404024 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.100442886 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.100451946 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.104470015 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.104516029 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.104523897 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.107364893 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.107403994 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.107410908 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.112884045 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.112932920 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.112942934 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.114521027 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.114567995 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.114577055 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.117696047 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.117789984 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.117798090 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.121316910 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.121370077 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.121376991 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.124586105 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.124654055 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.124661922 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.128657103 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.128837109 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.128845930 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.132342100 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.133529902 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.133541107 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.135608912 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.135680914 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.135689020 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.147208929 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.147239923 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.147264957 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.147273064 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.147284031 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.147319078 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.149626970 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.149791956 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.149838924 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.149847984 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.153503895 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.153512001 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.155144930 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.155308962 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.155359983 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.155369997 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.155401945 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.155561924 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.160804987 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.160845041 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.160852909 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.162359953 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.162388086 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.162436008 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.162444115 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.162497997 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.164634943 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.164778948 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:02.165505886 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.180569887 CEST49741443192.168.2.4142.250.186.33
                                                                          Aug 24, 2024 01:11:02.180584908 CEST44349741142.250.186.33192.168.2.4
                                                                          Aug 24, 2024 01:11:03.512743950 CEST49757443192.168.2.435.190.72.216
                                                                          Aug 24, 2024 01:11:03.512777090 CEST4434975735.190.72.216192.168.2.4
                                                                          Aug 24, 2024 01:11:03.515748978 CEST49757443192.168.2.435.190.72.216
                                                                          Aug 24, 2024 01:11:03.521615982 CEST49757443192.168.2.435.190.72.216
                                                                          Aug 24, 2024 01:11:03.521631002 CEST4434975735.190.72.216192.168.2.4
                                                                          Aug 24, 2024 01:11:03.801850080 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:03.801863909 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:03.801978111 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:03.801985025 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:03.806334019 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:03.806353092 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:03.806562901 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:03.806574106 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:03.806651115 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:03.806662083 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:03.993411064 CEST4434975735.190.72.216192.168.2.4
                                                                          Aug 24, 2024 01:11:03.993474007 CEST49757443192.168.2.435.190.72.216
                                                                          Aug 24, 2024 01:11:04.005141973 CEST49757443192.168.2.435.190.72.216
                                                                          Aug 24, 2024 01:11:04.005148888 CEST4434975735.190.72.216192.168.2.4
                                                                          Aug 24, 2024 01:11:04.005271912 CEST49757443192.168.2.435.190.72.216
                                                                          Aug 24, 2024 01:11:04.005409956 CEST4434975735.190.72.216192.168.2.4
                                                                          Aug 24, 2024 01:11:04.006175041 CEST49757443192.168.2.435.190.72.216
                                                                          Aug 24, 2024 01:11:04.101425886 CEST49764443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:04.101445913 CEST44349764172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:04.101524115 CEST49764443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:04.101696014 CEST49764443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:04.101705074 CEST44349764172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:04.102992058 CEST49765443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:04.103002071 CEST44349765162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:04.103072882 CEST49765443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:04.103260040 CEST49765443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:04.103272915 CEST44349765162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:04.441082001 CEST49766443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.441112995 CEST4434976613.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.441200972 CEST49766443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.442043066 CEST49767443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:04.442065001 CEST44349767172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:04.442460060 CEST49767443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:04.442539930 CEST49766443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.442553043 CEST4434976613.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.443249941 CEST49767443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:04.443263054 CEST44349767172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:04.444011927 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.446917057 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.446928978 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.447971106 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.451750040 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.452702999 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.452769041 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.452861071 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.466732025 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.467159033 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.467168093 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.468240023 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.470607042 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.471098900 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.471179008 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.471213102 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.496510983 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.512502909 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.530316114 CEST49762443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.530322075 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.530350924 CEST49761443192.168.2.413.107.246.60
                                                                          Aug 24, 2024 01:11:04.530359983 CEST4434976113.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:04.548775911 CEST4434976213.107.246.60192.168.2.4
                                                                          Aug 24, 2024 01:11:06.005671978 CEST49771443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:06.005697012 CEST44349771162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:06.005904913 CEST44349770162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:06.006002903 CEST44349771162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:06.006608009 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.006624937 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.017827988 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.025636911 CEST49771443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:06.025692940 CEST44349771162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:06.025922060 CEST49770443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:06.025996923 CEST44349770162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:06.026209116 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.026222944 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.028383017 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.028400898 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.032768965 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.050416946 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.050431013 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.109152079 CEST804977234.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:06.140425920 CEST49771443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:06.171441078 CEST49770443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:06.171534061 CEST4977280192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:06.204590082 CEST49781443192.168.2.4184.28.90.27
                                                                          Aug 24, 2024 01:11:06.204621077 CEST44349781184.28.90.27192.168.2.4
                                                                          Aug 24, 2024 01:11:06.204921007 CEST49781443192.168.2.4184.28.90.27
                                                                          Aug 24, 2024 01:11:06.206716061 CEST49781443192.168.2.4184.28.90.27
                                                                          Aug 24, 2024 01:11:06.206727028 CEST44349781184.28.90.27192.168.2.4
                                                                          Aug 24, 2024 01:11:06.454030037 CEST49782443192.168.2.4142.250.80.36
                                                                          Aug 24, 2024 01:11:06.454054117 CEST44349782142.250.80.36192.168.2.4
                                                                          Aug 24, 2024 01:11:06.454149961 CEST49782443192.168.2.4142.250.80.36
                                                                          Aug 24, 2024 01:11:06.454332113 CEST49782443192.168.2.4142.250.80.36
                                                                          Aug 24, 2024 01:11:06.454344988 CEST44349782142.250.80.36192.168.2.4
                                                                          Aug 24, 2024 01:11:06.457207918 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.457444906 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.457472086 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.458408117 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.458730936 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.458910942 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.458967924 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.459048986 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.466566086 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.467041969 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.470288038 CEST49773443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.470304012 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.470392942 CEST49774443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.470400095 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.470671892 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.470896959 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.471048117 CEST49773443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.471107960 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.471184015 CEST49773443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.471687078 CEST49774443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.471762896 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.471805096 CEST49774443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.471879959 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.472951889 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.472960949 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.474378109 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.474476099 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.474795103 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.474869013 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.474911928 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.482863903 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.483028889 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.486428976 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.486444950 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.486572027 CEST49777443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.486578941 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.487514019 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.487601042 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.487901926 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.487956047 CEST49777443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.488265991 CEST49777443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.488322020 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.488538980 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.488595963 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.488651991 CEST49777443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.488678932 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.493849039 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.495302916 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.495318890 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.495703936 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.495712996 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.496417046 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.496875048 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.496884108 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.498135090 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.498197079 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.498307943 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.504502058 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.512497902 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.512526989 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.520499945 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.528872967 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.532396078 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.532413006 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.532501936 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.532507896 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.532799959 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.533499956 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.534581900 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.534591913 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.535146952 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.535208941 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.535348892 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.539258003 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.539268970 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.539272070 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.539274931 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.540504932 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.557786942 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.557929039 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.557940006 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.559519053 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.559568882 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.559680939 CEST4434977613.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.559859991 CEST49783443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.559887886 CEST4434978313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.560792923 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.560822010 CEST49776443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.560864925 CEST49783443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.561116934 CEST49783443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.561130047 CEST4434978313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.569581985 CEST49773443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.569696903 CEST49774443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.569698095 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.569698095 CEST49777443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.569709063 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.569725037 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.569988966 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.570436001 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.570497036 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.570719004 CEST49774443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.571345091 CEST49774443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.571357012 CEST4434977413.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.573645115 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.573710918 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.573717117 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.573827028 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.574408054 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.575387955 CEST49778443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.575397968 CEST4434977813.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.576564074 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.576577902 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.576783895 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.577466965 CEST49773443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.578804970 CEST49773443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.578814983 CEST4434977313.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.580495119 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.588634014 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.588639021 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.589031935 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.589240074 CEST49777443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.589243889 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.589251995 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.589927912 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.590024948 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.590801954 CEST49775443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.590811968 CEST4434977513.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.591371059 CEST49777443192.168.2.413.107.246.40
                                                                          Aug 24, 2024 01:11:06.591382027 CEST4434977713.107.246.40192.168.2.4
                                                                          Aug 24, 2024 01:11:06.607332945 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.607414961 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.609503984 CEST49779443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.609514952 CEST44349779142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.646158934 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.649698019 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.650796890 CEST49780443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.650809050 CEST44349780142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.847250938 CEST44349781184.28.90.27192.168.2.4
                                                                          Aug 24, 2024 01:11:06.849013090 CEST49781443192.168.2.4184.28.90.27
                                                                          Aug 24, 2024 01:11:06.853046894 CEST49781443192.168.2.4184.28.90.27
                                                                          Aug 24, 2024 01:11:06.853060961 CEST44349781184.28.90.27192.168.2.4
                                                                          Aug 24, 2024 01:11:06.853277922 CEST44349781184.28.90.27192.168.2.4
                                                                          Aug 24, 2024 01:11:06.896934986 CEST49781443192.168.2.4184.28.90.27
                                                                          Aug 24, 2024 01:11:06.923877001 CEST49784443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.923897028 CEST44349784142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.924273014 CEST49784443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.924545050 CEST49784443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.924557924 CEST44349784142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.944495916 CEST44349781184.28.90.27192.168.2.4
                                                                          Aug 24, 2024 01:11:06.945851088 CEST44349782142.250.80.36192.168.2.4
                                                                          Aug 24, 2024 01:11:06.961477995 CEST49782443192.168.2.4142.250.80.36
                                                                          Aug 24, 2024 01:11:06.961488962 CEST44349782142.250.80.36192.168.2.4
                                                                          Aug 24, 2024 01:11:06.962280989 CEST49785443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.962299109 CEST44349785142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.962440968 CEST49785443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.962580919 CEST44349782142.250.80.36192.168.2.4
                                                                          Aug 24, 2024 01:11:06.962654114 CEST49785443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:06.962666988 CEST44349785142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:06.962707043 CEST49782443192.168.2.4142.250.80.36
                                                                          Aug 24, 2024 01:11:06.967833996 CEST49782443192.168.2.4142.250.80.36
                                                                          Aug 24, 2024 01:11:06.967905045 CEST44349782142.250.80.36192.168.2.4
                                                                          Aug 24, 2024 01:11:06.968024015 CEST49782443192.168.2.4142.250.80.36
                                                                          Aug 24, 2024 01:11:32.744617939 CEST804980434.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:32.779190063 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.007442951 CEST4434980252.222.236.120192.168.2.4
                                                                          Aug 24, 2024 01:11:33.007518053 CEST49802443192.168.2.452.222.236.120
                                                                          Aug 24, 2024 01:11:33.010523081 CEST49802443192.168.2.452.222.236.120
                                                                          Aug 24, 2024 01:11:33.010529995 CEST4434980252.222.236.120192.168.2.4
                                                                          Aug 24, 2024 01:11:33.010922909 CEST4434980252.222.236.120192.168.2.4
                                                                          Aug 24, 2024 01:11:33.013241053 CEST49802443192.168.2.452.222.236.120
                                                                          Aug 24, 2024 01:11:33.013464928 CEST4434980252.222.236.120192.168.2.4
                                                                          Aug 24, 2024 01:11:33.013554096 CEST49802443192.168.2.452.222.236.120
                                                                          Aug 24, 2024 01:11:33.013559103 CEST4434980252.222.236.120192.168.2.4
                                                                          Aug 24, 2024 01:11:33.021872997 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.021891117 CEST4434980535.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.022313118 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.022416115 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.022420883 CEST4434980535.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.026226997 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.030785084 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.030792952 CEST4434980635.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.030929089 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.030955076 CEST4434980735.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.030977011 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.031056881 CEST804980334.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.031080961 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.031090975 CEST4434980635.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.031156063 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.031306982 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.031320095 CEST4434980735.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.120879889 CEST804980334.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.121684074 CEST4980480192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.124469042 CEST4980880192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.127760887 CEST804980434.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.127823114 CEST4980480192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.129369020 CEST804980834.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.131318092 CEST4980880192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.131445885 CEST4980880192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.136301041 CEST804980834.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.180313110 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.220536947 CEST4434980252.222.236.120192.168.2.4
                                                                          Aug 24, 2024 01:11:33.220638037 CEST49802443192.168.2.452.222.236.120
                                                                          Aug 24, 2024 01:11:33.475419998 CEST4434980535.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.475509882 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.478122950 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.478133917 CEST4434980535.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.478358984 CEST4434980535.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.485738039 CEST4434980735.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.485888004 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.488043070 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.488051891 CEST4434980735.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.488281012 CEST4434980735.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.489666939 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.489763021 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.489836931 CEST4434980535.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.491389990 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.491458893 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.491544008 CEST4434980735.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.491600990 CEST49805443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.491605997 CEST49807443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.493510008 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.494577885 CEST4434980635.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.494678020 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.497194052 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.497198105 CEST4434980635.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.497392893 CEST4434980635.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.498382092 CEST804980334.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.499839067 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.499913931 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.499974012 CEST4434980635.244.181.201192.168.2.4
                                                                          Aug 24, 2024 01:11:33.500461102 CEST49806443192.168.2.435.244.181.201
                                                                          Aug 24, 2024 01:11:33.588020086 CEST804980334.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.588598967 CEST4980880192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.590980053 CEST4981080192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.593647957 CEST804980834.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.593699932 CEST4980880192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.596014023 CEST804981034.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.596071005 CEST4981080192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.596209049 CEST4981080192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:33.601057053 CEST804981034.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:33.628295898 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:34.063868046 CEST804981034.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:34.110102892 CEST4981080192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:35.920499086 CEST44349795172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:35.920572996 CEST44349795172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:35.920871973 CEST49795443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:35.921577930 CEST44349796172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:35.921648026 CEST44349796172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:35.923877954 CEST49796443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:43.606708050 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:43.611753941 CEST804980334.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:44.075115919 CEST4981080192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:44.080116987 CEST804981034.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:51.666011095 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:51.666080952 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:51.669092894 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:51.669583082 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:51.669625044 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.340615034 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.340861082 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.344372988 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.344402075 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.344625950 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.352027893 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.396498919 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.602307081 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.602328062 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.602343082 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.602417946 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.602447033 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.602642059 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.602684021 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.603848934 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.604763985 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.604799986 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.606869936 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.606884956 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.606897116 CEST49811443192.168.2.452.165.165.26
                                                                          Aug 24, 2024 01:11:52.606901884 CEST4434981152.165.165.26192.168.2.4
                                                                          Aug 24, 2024 01:11:52.625910044 CEST49785443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:52.625933886 CEST44349785142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:52.641537905 CEST49784443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:52.641551018 CEST44349784142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:53.613514900 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:53.618288994 CEST804980334.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:54.081299067 CEST4981080192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:11:54.086189032 CEST804981034.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:11:58.240917921 CEST49795443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:58.240962982 CEST44349795172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:58.240967989 CEST49796443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:58.241003036 CEST44349796172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:12:00.591324091 CEST49771443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:00.591347933 CEST44349771162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:00.591370106 CEST49770443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:00.591387987 CEST44349770162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.407783985 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:01.407818079 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:01.407890081 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:01.408107996 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:01.408119917 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:01.883050919 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:01.883335114 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:01.883343935 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:01.884453058 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:01.884748936 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:01.884882927 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:01.884918928 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:01.930402040 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.123451948 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.124147892 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.131031990 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.131417036 CEST49813443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.131433964 CEST4434981323.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.131922007 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.131942034 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.146661997 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.146876097 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.146886110 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.637430906 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.637758017 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.637777090 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.638902903 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.639517069 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.639662027 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.639667034 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.639697075 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.686115026 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.867710114 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.867969990 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.868014097 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.868027925 CEST4434981423.44.133.38192.168.2.4
                                                                          Aug 24, 2024 01:12:02.868037939 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.868037939 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:02.868068933 CEST49814443192.168.2.423.44.133.38
                                                                          Aug 24, 2024 01:12:03.541846991 CEST49815443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.541873932 CEST4434981534.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:03.542068005 CEST49816443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.542074919 CEST4434981634.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:03.542216063 CEST49817443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.542246103 CEST4434981734.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:03.543632984 CEST49815443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.543632984 CEST49816443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.543642044 CEST49817443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.543792009 CEST49815443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.543808937 CEST4434981534.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:03.543908119 CEST49816443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.543915987 CEST4434981634.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:03.543975115 CEST49817443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:03.543987989 CEST4434981734.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:03.628256083 CEST4980380192.168.2.434.107.221.82
                                                                          Aug 24, 2024 01:12:03.633189917 CEST804980334.107.221.82192.168.2.4
                                                                          Aug 24, 2024 01:12:04.006925106 CEST4434981634.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:04.006954908 CEST4434981534.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:04.007040024 CEST49816443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:04.007070065 CEST4434981734.120.208.123192.168.2.4
                                                                          Aug 24, 2024 01:12:04.007097006 CEST49815443192.168.2.434.120.208.123
                                                                          Aug 24, 2024 01:12:04.007127047 CEST49817443192.168.2.434.120.208.123
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Aug 24, 2024 01:11:19.601190090 CEST44349905162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:19.601386070 CEST49905443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:19.601479053 CEST49905443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:19.695732117 CEST44349905162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.510828018 CEST49905443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:20.511239052 CEST49905443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:20.512305975 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:20.606990099 CEST44349905162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.609456062 CEST44349905162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.609920979 CEST44349905162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.611915112 CEST49905443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:11:20.824331045 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:20.959688902 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.959839106 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.959850073 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.959860086 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.959939957 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:20.960161924 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:20.961904049 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:20.962044001 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:20.962291956 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:20.962362051 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:21.240012884 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.240026951 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.240036011 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.240048885 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.240057945 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.240068913 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.247828007 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:21.247904062 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:21.248035908 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:21.334156990 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.345350981 CEST44351923172.64.41.3192.168.2.4
                                                                          Aug 24, 2024 01:11:21.377044916 CEST51923443192.168.2.4172.64.41.3
                                                                          Aug 24, 2024 01:11:31.682030916 CEST5535053192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:31.689037085 CEST53553501.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:31.690591097 CEST6372853192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:31.691091061 CEST5801653192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:31.697293043 CEST53637281.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:31.697851896 CEST5177353192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:31.698343992 CEST53580161.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:31.698975086 CEST4956753192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:31.704663038 CEST53517731.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:31.705521107 CEST53495671.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:31.947474003 CEST5580353192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:31.954556942 CEST53558031.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:32.241698027 CEST4987953192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:32.248939991 CEST53498791.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:32.252254009 CEST5400453192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:11:32.260071993 CEST53540041.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:11:36.113179922 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.312690973 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:36.313122034 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.621695995 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:36.671355963 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.755225897 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.782813072 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:36.783133984 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.783406973 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:36.822529078 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.863938093 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:36.864295959 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.864388943 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:36.903317928 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:11:36.903613091 CEST57805443192.168.2.4142.251.41.14
                                                                          Aug 24, 2024 01:11:36.983932972 CEST44357805142.251.41.14192.168.2.4
                                                                          Aug 24, 2024 01:12:00.592448950 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:00.592585087 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:00.592787981 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:00.592875004 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:00.965698957 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.212984085 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.213002920 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.213098049 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.213110924 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.213123083 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.214082003 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.214169979 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.214246035 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.214314938 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.310252905 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.310267925 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.310616970 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.406409979 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.406861067 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.406987906 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:01.407402992 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.932626009 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:01.932739973 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:02.028157949 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:02.029464006 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:02.029764891 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:02.030121088 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:02.031277895 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:02.347383976 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:02.491942883 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.494389057 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.494519949 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.494532108 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.494540930 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.506756067 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:02.508465052 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:02.508569002 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:02.606448889 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.606643915 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.606673956 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.606729984 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.606739044 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:02.606822968 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:02.607168913 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:02.704844952 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:03.542278051 CEST5082653192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:12:03.549462080 CEST53508261.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:12:03.550017118 CEST5620053192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:12:03.556946993 CEST53562001.1.1.1192.168.2.4
                                                                          Aug 24, 2024 01:12:04.231622934 CEST5502853192.168.2.41.1.1.1
                                                                          Aug 24, 2024 01:12:08.005557060 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:08.005657911 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:08.100894928 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:08.102071047 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:08.102138042 CEST44361196162.159.61.3192.168.2.4
                                                                          Aug 24, 2024 01:12:08.102650881 CEST61196443192.168.2.4162.159.61.3
                                                                          Aug 24, 2024 01:12:08.103282928 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.103416920 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.580943108 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.581509113 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.581542969 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.581553936 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.581563950 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.582169056 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.582770109 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.583034992 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.682624102 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.682647943 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.682987928 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.683120966 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.722843885 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.730221033 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.730237007 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:08.730516911 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.768594027 CEST51567443192.168.2.4172.253.122.84
                                                                          Aug 24, 2024 01:12:08.856462955 CEST44351567172.253.122.84192.168.2.4
                                                                          Aug 24, 2024 01:12:22.605890036 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:22.642613888 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:23.172501087 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:12:23.200753927 CEST64251443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:12:32.605443001 CEST4436425123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:13:01.993882895 CEST63741443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:13:02.464648962 CEST4436374123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:13:02.464664936 CEST4436374123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:13:02.465332031 CEST63741443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:13:02.569628954 CEST4436374123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:13:02.569652081 CEST4436374123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:13:02.569726944 CEST4436374123.219.82.58192.168.2.4
                                                                          Aug 24, 2024 01:13:02.569890976 CEST63741443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:13:02.597870111 CEST63741443192.168.2.423.219.82.58
                                                                          Aug 24, 2024 01:13:02.667835951 CEST4436374123.219.82.58192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                          Aug 24, 2024 01:11:04.100791931 CEST1.1.1.1192.168.2.40x2232No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.100791931 CEST1.1.1.1192.168.2.40x2232No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.100801945 CEST1.1.1.1192.168.2.40x38bcNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.101654053 CEST1.1.1.1192.168.2.40x3651No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.101654053 CEST1.1.1.1192.168.2.40x3651No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.102546930 CEST1.1.1.1192.168.2.40xcc7eNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.439901114 CEST1.1.1.1192.168.2.40x22c1No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.439901114 CEST1.1.1.1192.168.2.40x22c1No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:04.440272093 CEST1.1.1.1192.168.2.40x371No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.125489950 CEST1.1.1.1192.168.2.40xb51bNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.125489950 CEST1.1.1.1192.168.2.40xb51bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.142520905 CEST1.1.1.1192.168.2.40x307cNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.153096914 CEST1.1.1.1192.168.2.40xa2edNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.297447920 CEST1.1.1.1192.168.2.40x3d24No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.297447920 CEST1.1.1.1192.168.2.40x3d24No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.620605946 CEST1.1.1.1192.168.2.40x65b3No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.632081985 CEST1.1.1.1192.168.2.40xcb83No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.632081985 CEST1.1.1.1192.168.2.40xcb83No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.632587910 CEST1.1.1.1192.168.2.40x862dNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:05.632587910 CEST1.1.1.1192.168.2.40x862dNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:06.322009087 CEST1.1.1.1192.168.2.40x3d24No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:06.322009087 CEST1.1.1.1192.168.2.40x3d24No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:07.485343933 CEST1.1.1.1192.168.2.40x3d24No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:07.485343933 CEST1.1.1.1192.168.2.40x3d24No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:09.631171942 CEST1.1.1.1192.168.2.40x3d24No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:09.631171942 CEST1.1.1.1192.168.2.40x3d24No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:13.488326073 CEST1.1.1.1192.168.2.40x3d24No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:13.488326073 CEST1.1.1.1192.168.2.40x3d24No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.689009905 CEST1.1.1.1192.168.2.40x5e91No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.689009905 CEST1.1.1.1192.168.2.40x5e91No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.689037085 CEST1.1.1.1192.168.2.40xb425No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.689037085 CEST1.1.1.1192.168.2.40xb425No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.697293043 CEST1.1.1.1192.168.2.40x741bNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.698343992 CEST1.1.1.1192.168.2.40xb42dNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.954556942 CEST1.1.1.1192.168.2.40x8752No error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.954556942 CEST1.1.1.1192.168.2.40x8752No error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.954556942 CEST1.1.1.1192.168.2.40x8752No error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:31.954556942 CEST1.1.1.1192.168.2.40x8752No error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:32.248939991 CEST1.1.1.1192.168.2.40x890fNo error (0)services.addons.mozilla.org52.222.236.23A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:32.248939991 CEST1.1.1.1192.168.2.40x890fNo error (0)services.addons.mozilla.org52.222.236.80A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:32.248939991 CEST1.1.1.1192.168.2.40x890fNo error (0)services.addons.mozilla.org52.222.236.120A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:32.248939991 CEST1.1.1.1192.168.2.40x890fNo error (0)services.addons.mozilla.org52.222.236.48A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:33.030059099 CEST1.1.1.1192.168.2.40xc091No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:33.030059099 CEST1.1.1.1192.168.2.40xc091No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:33.504369020 CEST1.1.1.1192.168.2.40x9b68No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:11:33.504369020 CEST1.1.1.1192.168.2.40x9b68No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:12:03.539282084 CEST1.1.1.1192.168.2.40x883No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:12:03.549462080 CEST1.1.1.1192.168.2.40x131cNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:12:04.238450050 CEST1.1.1.1192.168.2.40x2164No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                          Aug 24, 2024 01:12:04.238450050 CEST1.1.1.1192.168.2.40x2164No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                          Aug 24, 2024 01:12:04.240400076 CEST1.1.1.1192.168.2.40x1bcbNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49769 | 34.107.221.82 | 80 | 7612 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Aug 24, 2024 01:11:05.142304897 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Aug 24, 2024 01:11:05.612273932 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 15:03:14 GMT
                                                                          Age: 29271
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 24, 2024 01:11:15.622116089 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 24, 2024 01:11:25.641560078 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49772 | 34.107.221.82 | 80 | 7612 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Aug 24, 2024 01:11:05.653856039 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Aug 24, 2024 01:11:06.109152079 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 03:35:39 GMT
                                                                          Age: 70527
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Aug 24, 2024 01:11:16.110404968 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 24, 2024 01:11:26.127743006 CEST | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49803 | 34.107.221.82 | 80 | 7612 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Aug 24, 2024 01:11:32.275322914 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Aug 24, 2024 01:11:32.730799913 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 16:11:10 GMT
                                                                          Age: 25222
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 24, 2024 01:11:33.026226997 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Aug 24, 2024 01:11:33.120879889 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 16:11:10 GMT
                                                                          Age: 25223
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 24, 2024 01:11:33.493510008 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Aug 24, 2024 01:11:33.588020086 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 16:11:10 GMT
                                                                          Age: 25223
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 24, 2024 01:11:43.606708050 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 24, 2024 01:11:53.613514900 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 24, 2024 01:12:03.628256083 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Aug 24, 2024 01:12:04.231713057 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Aug 24, 2024 01:12:04.326105118 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 16:11:10 GMT
                                                                          Age: 25254
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Aug 24, 2024 01:12:04.729103088 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
                                                                          Aug 24, 2024 01:12:04.823498011 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 16:11:10 GMT
                                                                          Age: 25254
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                          Aug 24, 2024 01:12:14.837447882 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:24.849667072 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:34.859390974 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:44.869343996 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:54.887399912 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.4 | 49804 | 34.107.221.82 | 80 | 7612 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Aug 24, 2024 01:11:32.739782095 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.4 | 49808 | 34.107.221.82 | 80 | 7612 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Aug 24, 2024 01:11:33.131445885 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.4 | 49810 | 34.107.221.82 | 80 | 7612 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Aug 24, 2024 01:11:33.596209049 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Aug 24, 2024 01:11:34.063868046 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 03:35:39 GMT
                                                                          Age: 70555
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Aug 24, 2024 01:11:44.075115919 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:11:54.081299067 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:04.091907024 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:04.328402996 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Aug 24, 2024 01:12:04.438535929 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 03:35:39 GMT
                                                                          Age: 70585
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Aug 24, 2024 01:12:05.105400085 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
                                                                          Aug 24, 2024 01:12:05.204741955 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 23 Aug 2024 03:35:39 GMT
                                                                          Age: 70586
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
                                                                          Aug 24, 2024 01:12:15.207380056 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:25.219762087 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:35.224986076 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:45.245732069 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
                                                                          Aug 24, 2024 01:12:55.272324085 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          0 | 192.168.2.4 | 49741 | 142.250.186.33 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:01 UTC | 594 | OUT | GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                          Host: clients2.googleusercontent.com
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:01 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 135751
                                                                          X-GUploader-UploadID: AHxI1nP4Uq7ym029o9g0gC5fDAtfw-xCJjGzKz6hI_6xke6av19xRBqcyBfTQc29euaGs8wt0r_5tgeeow
                                                                          X-Goog-Hash: crc32c=IDdmTg==
                                                                          Server: UploadServer
                                                                          Date: Fri, 23 Aug 2024 14:27:46 GMT
                                                                          Expires: Sat, 23 Aug 2025 14:27:46 GMT
                                                                          Cache-Control: public, max-age=31536000
                                                                          Age: 31395
                                                                          Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                          ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                          Content-Type: application/x-chrome-extension
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.4 | 49762 | 13.107.246.60 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:04 UTC | 486 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: ArbitrationService
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:04 UTC | 538 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:04 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 11989
                                                                          Connection: close
                                                                          Last-Modified: Fri, 23 Aug 2024 00:10:35 GMT
                                                                          ETag: 0x8DCC30802EF150E
                                                                          x-ms-request-id: 9d463e20-501e-0019-7d06-f5446f000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231104Z-15c77d89844khrfk6f44dseews0000000930000000003b50
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes
                                                                          2024-08-23 23:11:04 UTC11989INData Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45
                                                                          Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.4 | 49761 | 13.107.246.60 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:04 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: Shoreline
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:04 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:04 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 306698
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                          ETag: 0x8DBC9B5C40EBFF4
                                                                          x-ms-request-id: 996e2297-301e-0064-6384-f5d8a7000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231104Z-15c77d89844j2tjq56kca6f6zs0000000a7g000000006s6k
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.4 | 49765 | 162.159.61.3 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-08-23 23:11:04 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom)TP
                                                                          2024-08-23 23:11:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Fri, 23 Aug 2024 23:11:04 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8b7ec795ffdb0f85-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          2024-08-23 23:11:04 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 12 00 04 8e fa 40 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom@c)


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.4 | 49764 | 172.64.41.3 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-08-23 23:11:04 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom)TP
                                                                          2024-08-23 23:11:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Fri, 23 Aug 2024 23:11:04 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8b7ec7961f958ca5-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          2024-08-23 23:11:04 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 09 00 04 8e fa 51 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcomQ)


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.4 | 49767 | 172.64.41.3 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-08-23 23:11:04 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom)TP
                                                                          2024-08-23 23:11:05 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Fri, 23 Aug 2024 23:11:04 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8b7ec7982cb40cc8-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          2024-08-23 23:11:05 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 7a 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcomzA)


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.2.4 | 49766 | 13.107.246.60 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:05 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                          Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                          Sec-Mesh-Client-Edge-Channel: stable
                                                                          Sec-Mesh-Client-OS: Windows
                                                                          Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                          Sec-Mesh-Client-Arch: x86_64
                                                                          Sec-Mesh-Client-WebView: 0
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:05 UTC | 583 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:05 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 70207
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                          ETag: 0x8DCB31E67C22927
                                                                          x-ms-request-id: ea88565b-f01e-003d-6c06-f5dd21000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231105Z-15c77d89844fb9g8ewy8k6m5cc0000000d4000000000ggrq
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.2.4 | 49768 | 172.64.41.3 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:05 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-08-23 23:11:05 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Fri, 23 Aug 2024 23:11:05 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8b7ec79bcc4c42ea-EWR
                                                                          alt-svc: h3=":443"; ma=86400


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.2.4 | 49776 | 13.107.246.40 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1966
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                          ETag: 0x8DBDCB5EC122A94
                                                                          x-ms-request-id: 34f43450-901e-0062-3e89-f52fdf000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231106Z-15c77d898449fl4tarb4zsefrg0000000cy0000000006z6w
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.2.4 | 49773 | 13.107.246.40 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1751
                                                                          Connection: close
                                                                          Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                          ETag: 0x8DBCEA8D5AACC85
                                                                          x-ms-request-id: c5621c3e-101e-001e-7a6a-f5b2ea000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231106Z-15c77d89844n8m75vqkmf3rwqs0000000cqg00000000gbnk
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          10 | 192.168.2.4 | 49774 | 13.107.246.40 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1427
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                          ETag: 0x8DBDCB5EF021F8E
                                                                          x-ms-request-id: c872ec7e-501e-0056-326a-f58077000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231106Z-15c77d89844zfzwvumakpphgy00000000cq0000000004vyw
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          11 | 192.168.2.4 | 49778 | 13.107.246.40 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2008
                                                                          Connection: close
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                          ETag: 0x8DBC9B5C0C17219
                                                                          x-ms-request-id: 9d4d0421-d01e-0003-5e8f-f56b00000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231106Z-15c77d89844kbl6srprq9z8xz000000000s00000000016am
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          12 | 192.168.2.4 | 49777 | 13.107.246.40 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2229
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                          ETag: 0x8DBD59359A9E77B
                                                                          x-ms-request-id: 91564f5f-a01e-0048-7d5f-f55a9a000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231106Z-15c77d89844j2tjq56kca6f6zs0000000a90000000004cmc
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          13 | 192.168.2.4 | 49775 | 13.107.246.40 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1154
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                          ETag: 0x8DBD5935D5B3965
                                                                          x-ms-request-id: 3757ef32-a01e-0007-2b5f-f59e82000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231106Z-15c77d89844zfzwvumakpphgy00000000ch000000000tddb
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          14 | 192.168.2.4 | 49779 | 142.251.41.14 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          15 | 192.168.2.4 | 49780 | 142.251.41.14 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:06 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Fri, 23 Aug 2024 23:11:06 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          16 | 192.168.2.4 | 49781 | 184.28.90.27 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-08-23 23:11:07 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF70)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=149673
                                                                          Date: Fri, 23 Aug 2024 23:11:07 GMT
                                                                          Connection: close
                                                                          X-CID: 2


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.2.4 | 49782 | 142.250.80.36 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:06 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                                                          Host: www.google.com
                                                                          Connection: keep-alive
                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                          sec-ch-ua-mobile: ?0
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          sec-ch-ua-arch: "x86"
                                                                          sec-ch-ua-full-version: "117.0.2045.47"
                                                                          sec-ch-ua-platform-version: "10.0.0"
                                                                          sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                          sec-ch-ua-bitness: "64"
                                                                          sec-ch-ua-model: ""
                                                                          sec-ch-ua-wow64: ?0
                                                                          sec-ch-ua-platform: "Windows"
                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: image
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:07 UTC | 706 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                          Content-Length: 5430
                                                                          X-Content-Type-Options: nosniff
                                                                          Server: sffe
                                                                          X-XSS-Protection: 0
                                                                          Date: Fri, 23 Aug 2024 19:36:50 GMT
                                                                          Expires: Sat, 31 Aug 2024 19:36:50 GMT
                                                                          Cache-Control: public, max-age=691200
                                                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                          Content-Type: image/x-icon
                                                                          Vary: Accept-Encoding
                                                                          Age: 12857
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          18 | 192.168.2.4 | 49783 | 13.107.246.40 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:07 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:07 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 23 Aug 2024 23:11:07 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1468
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                          ETag: 0x8DBDCB5E23DFC43
                                                                          x-ms-request-id: 1502b88b-c01e-0058-5c77-f56c7c000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240823T231107Z-15c77d89844bhmk535uzmhuz380000000ch0000000004k52
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          19 | 192.168.2.4 | 49786 | 184.28.90.27 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:08 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                          Range: bytes=0-2147483646
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-08-23 23:11:08 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                          ApiVersion: Distribute 1.1
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF06)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=149647
                                                                          Date: Fri, 23 Aug 2024 23:11:08 GMT
                                                                          Content-Length: 55
                                                                          Connection: close
                                                                          X-CID: 2
                                                                          2024-08-23 23:11:08 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          20 | 192.168.2.4 | 49787 | 142.250.65.202 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:09 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                                          Host: www.googleapis.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 119
                                                                          Content-Type: application/json
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:09 UTC | 119 | OUT | Data Raw: 7b 22 68 61 73 68 22 3a 22 4f 36 7a 53 63 4c 4c 64 42 71 64 79 49 4d 7a 38 66 34 62 69 5a 53 74 31 62 78 6a 78 6d 66 4a 4c 71 4e 4f 4f 4c 64 4a 78 6e 69 4d 3d 22 2c 22 69 64 73 22 3a 5b 22 67 68 62 6d 6e 6e 6a 6f 6f 65 6b 70 6d 6f 65 63 6e 6e 6e 69 6c 6e 6e 62 64 6c 6f 6c 68 6b 68 69 22 5d 2c 22 70 72 6f 74 6f 63 6f 6c 5f 76 65 72 73 69 6f 6e 22 3a 31 7d
                                                                          Data Ascii: {"hash":"O6zScLLdBqdyIMz8f4biZSt1bxjxmfJLqNOOLdJxniM=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                                          2024-08-23 23:11:09 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                          Content-Type: application/json; charset=UTF-8
                                                                          Vary: Origin
                                                                          Vary: X-Origin
                                                                          Vary: Referer
                                                                          Date: Fri, 23 Aug 2024 23:11:09 GMT
                                                                          Server: ESF
                                                                          Content-Length: 483
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close
                                                                          2024-08-23 23:11:09 UTC | 483 | IN | { "protocol_version": 1, "signature": "MEDZJINKKcJ7cQ+Lxob8gmTtuAEtymTRx9MUCshe4ugoz/7L2Zy/xwTn3dSIRjRslJsla8a+6oSfZX1Ozd/L0qbKMtkOELrFx+LmU5HLDUDZhDeA5IE3M9U1IziqtcwM9Qu+r1fAbfk5SCWlHfc2/odMFgCqjunbqm1of4ImwGtRcjB8DuvJRm6FgsFhpbF8lLzgySfVxiN3qwwGbiS7


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          21 | 192.168.2.4 | 49788 | 52.165.165.26 | 443
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:13 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y9Rw3h3GTccr6XW&MD=FvrnXA78 HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-08-23 23:11:13 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                          MS-CorrelationId: 20e007ab-afd2-4ae8-b9c8-927e0a37cfbb
                                                                          MS-RequestId: e0014b85-e2aa-4acc-9085-3c4a9bc7037c
                                                                          MS-CV: x5IZdLznCEaS3eqe.0
                                                                          X-Microsoft-SLSClientCache: 2880
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Fri, 23 Aug 2024 23:11:13 GMT
                                                                          Connection: close
                                                                          Content-Length: 24490


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          22 | 192.168.2.4 | 49794 | 152.195.19.97 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:20 UTC | 620 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725059462&P2=404&P3=2&P4=WU3JEXLWB4VqS5mS6%2bD%2fzcy%2bCleU2PlRBEk0d0Mc7FBvOPnGLoGuwCA%2fs2sUqZKoYsZHTPAcx9IZHRsozz9OkQ%3d%3d HTTP/1.1
                                                                          Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                          Connection: keep-alive
                                                                          MS-CV: kIl/qufiou9+44FtzgvkuF
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:11:20 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Age: 4381211
                                                                          Cache-Control: public, max-age=17280000
                                                                          Content-Type: application/x-chrome-extension
                                                                          Date: Fri, 23 Aug 2024 23:11:20 GMT
                                                                          Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                          Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                          MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                          MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                          MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                          Server: ECAcc (nyd/D11E)
                                                                          X-AspNet-Version: 4.0.30319
                                                                          X-AspNetMvc-Version: 5.3
                                                                          X-Cache: HIT
                                                                          X-CCC: US
                                                                          X-CID: 11
                                                                          X-Powered-By: ASP.NET
                                                                          X-Powered-By: ARR/3.0
                                                                          X-Powered-By: ASP.NET
                                                                          Content-Length: 11185
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          23 | 192.168.2.4 | 49811 | 52.165.165.26 | 443
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:11:52 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y9Rw3h3GTccr6XW&MD=FvrnXA78 HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-08-23 23:11:52 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                          MS-CorrelationId: 7d54eaf8-78d4-4dd1-8f9a-f820cdee98d1
                                                                          MS-RequestId: d4539992-2d04-4862-b179-49fc1ae96812
                                                                          MS-CV: qoBEq7iSP0u2wUD1.0
                                                                          X-Microsoft-SLSClientCache: 1440
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Fri, 23 Aug 2024 23:11:52 GMT
                                                                          Connection: close
                                                                          Content-Length: 30005


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          24 | 192.168.2.4 | 49813 | 23.44.133.38 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:12:01 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                          Host: bzib.nelreports.net
                                                                          Connection: keep-alive
                                                                          Origin: https://business.bing.com
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: content-type
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:12:02 UTC | 361 | IN | HTTP/1.1 200 OK
                                                                          Content-Length: 0
                                                                          Access-Control-Allow-Headers: content-type
                                                                          Date: Fri, 23 Aug 2024 23:12:02 GMT
                                                                          Connection: close
                                                                          PMUSER_FORMAT_QS:
                                                                          X-CDN-TraceId: 0.26862c17.1724454721.2bf73904
                                                                          Access-Control-Allow-Credentials: false
                                                                          Access-Control-Allow-Methods: *
                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                          Access-Control-Allow-Origin: *


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          25 | 192.168.2.4 | 49814 | 23.44.133.38 | 443 | 8168 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-08-23 23:12:02 UTC | 382 | OUT | POST /api/report?cat=bingbusiness HTTP/1.1
                                                                          Host: bzib.nelreports.net
                                                                          Connection: keep-alive
                                                                          Content-Length: 465
                                                                          Content-Type: application/reports+json
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-08-23 23:12:02 UTC | 465 | OUT | [{"age":60005,"body":{"elapsed_time":853,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"13.107.6.158","status_code":401,"type":"http.error"},"type":"network-error","url":"https://business.bing
                                                                          2024-08-23 23:12:02 UTC | 359 | IN | HTTP/1.1 200 OK
                                                                          Content-Length: 21
                                                                          Content-Type: text/plain; charset=utf-8
                                                                          Date: Fri, 23 Aug 2024 23:12:02 GMT
                                                                          Connection: close
                                                                          PMUSER_FORMAT_QS:
                                                                          X-CDN-TraceId: 0.26862c17.1724454722.2bf73b82
                                                                          Access-Control-Allow-Credentials: false
                                                                          Access-Control-Allow-Methods: *
                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                          Access-Control-Allow-Origin: *
                                                                          2024-08-23 23:12:02 UTC | 21 | IN | Processed the request



                                                                          Target ID:0
                                                                          Start time:19:10:54
                                                                          Start date:23/08/2024
                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                          Imagebase:0x7b0000
                                                                          File size:917'504 bytes
                                                                          MD5 hash:A073A6E8E7C3AD781692B1605F258FD1
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:1
                                                                          Start time:19:10:54
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:19:10:54
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:4
                                                                          Start time:19:10:54
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:5
                                                                          Start time:19:10:55
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:6
                                                                          Start time:19:10:55
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2076,i,17669347106605234999,9910388337433710884,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:7
                                                                          Start time:19:10:55
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:8
                                                                          Start time:19:10:56
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:10
                                                                          Start time:19:11:00
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6412 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:11
                                                                          Start time:19:11:00
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6644 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:12
                                                                          Start time:19:11:00
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2264 -parentBuildID 20230927232528 -prefsHandle 2196 -prefMapHandle 2188 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e11ac20-5cb0-448c-aa87-ee7ce181ca52} 7612 "\\.\pipe\gecko-crash-server-pipe.7612" 2c88596ef10 socket
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:15
                                                                          Start time:19:11:03
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
                                                                          Imagebase:0x7ff664460000
                                                                          File size:1'255'976 bytes
                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:16
                                                                          Start time:19:11:03
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
                                                                          Imagebase:0x7ff664460000
                                                                          File size:1'255'976 bytes
                                                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:17
                                                                          Start time:19:11:04
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -parentBuildID 20230927232528 -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6289b82-366a-4274-8261-e0b21f364452} 7612 "\\.\pipe\gecko-crash-server-pipe.7612" 2c89790c510 rdd
                                                                          Imagebase:0x7ff6bf500000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                          Target ID:19
                                                                          Start time:19:11:13
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:20
                                                                          Start time:19:11:14
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2036,i,5757746019126546193,13556498926841986703,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:23
                                                                          Start time:19:11:21
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:24
                                                                          Start time:19:11:22
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2068,i,6384063103562577227,12944840705359721373,262144 /prefetch:3
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:25
                                                                          Start time:19:11:56
                                                                          Start date:23/08/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6704 --field-trial-handle=2352,i,5663111200801044148,2503407765449471288,262144 /prefetch:8
                                                                          Imagebase:0x7ff67dcd0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                            Execution Graph

                                                                            Execution Coverage:1.9%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:5.1%
                                                                            Total number of Nodes:1404
                                                                            Total number of Limit Nodes:47
7d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95220->95254 95222 7c8727 95226 7c13a0 95222->95226 95256 7d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95222->95256 95224->95226 95255 7d0242 5 API calls __Init_thread_wait 95224->95255 95226->95036 95257 7b7510 95227->95257 95230 81d4dc 47 API calls 95231 83a315 95230->95231 95231->95071 95233 7b7510 53 API calls 95232->95233 95234 825c6d 95233->95234 95284 81dbbe lstrlenW 95234->95284 95236 825c77 95236->95071 95289 83ad64 95237->95289 95239 83ac6f 95239->95071 95240->95073 95241->95032 95242->95035 95243->95045 95244->95057 95245->95057 95246->95034 95247->95068 95248->95068 95249->95068 95250->95066 95251->95071 95252->95068 95253->95220 95254->95224 95255->95222 95256->95226 95258 7b7522 95257->95258 95259 7b7525 95257->95259 95258->95230 95260 7b755b 95259->95260 95261 7b752d 95259->95261 95263 7f50f6 95260->95263 95266 7b756d 95260->95266 95271 7f500f 95260->95271 95280 7d51c6 26 API calls 95261->95280 95283 7d5183 26 API calls 95263->95283 95264 7b753d 95270 7cfddb 22 API calls 95264->95270 95281 7cfb21 51 API calls 95266->95281 95267 7f510e 95267->95267 95272 7b7547 95270->95272 95274 7cfe0b 22 API calls 95271->95274 95279 7f5088 95271->95279 95273 7b9cb3 22 API calls 95272->95273 95273->95258 95275 7f5058 95274->95275 95276 7cfddb 22 API calls 95275->95276 95277 7f507f 95276->95277 95278 7b9cb3 22 API calls 95277->95278 95278->95279 95282 7cfb21 51 API calls 95279->95282 95280->95264 95281->95264 95282->95263 95283->95267 95285 81dc06 95284->95285 95286 81dbdc GetFileAttributesW 95284->95286 95285->95236 95286->95285 95287 81dbe8 FindFirstFileW 95286->95287 95287->95285 95288 81dbf9 FindClose 95287->95288 95288->95285 95290 7ba961 22 API calls 95289->95290 95292 83ad77 ___scrt_fastfail 95290->95292 95291 83adce 95293 83adee 95291->95293 95295 7b7510 53 API calls 95291->95295 95292->95291 95294 7b7510 53 API calls 95292->95294 95296 83ae3a 95293->95296 95299 7b7510 
53 API calls 95293->95299 95297 83adab 95294->95297 95298 83ade4 95295->95298 95302 83ae4d ___scrt_fastfail 95296->95302 95320 7bb567 39 API calls 95296->95320 95297->95291 95300 7b7510 53 API calls 95297->95300 95318 7b7620 22 API calls _wcslen 95298->95318 95308 83ae04 95299->95308 95303 83adc4 95300->95303 95306 7b7510 53 API calls 95302->95306 95317 7b7620 22 API calls _wcslen 95303->95317 95307 83ae85 ShellExecuteExW 95306->95307 95313 83aeb0 95307->95313 95308->95296 95309 7b7510 53 API calls 95308->95309 95310 83ae28 95309->95310 95310->95296 95319 7ba8c7 22 API calls __fread_nolock 95310->95319 95312 83aec8 95312->95239 95313->95312 95314 83af35 GetProcessId 95313->95314 95315 83af48 95314->95315 95316 83af58 CloseHandle 95315->95316 95316->95312 95317->95291 95318->95293 95319->95296 95320->95302 95322 7bae01 95321->95322 95325 7bae1c messages 95321->95325 95323 7baec9 22 API calls 95322->95323 95324 7bae09 CharUpperBuffW 95323->95324 95324->95325 95325->95081 95327 7bacae 95326->95327 95329 7bacd1 95327->95329 95357 82359c 82 API calls __wsopen_s 95327->95357 95329->95124 95331 7ffadb 95330->95331 95332 7bad92 95330->95332 95333 7cfddb 22 API calls 95332->95333 95334 7bad99 95333->95334 95358 7badcd 95334->95358 95337->95133 95338->95121 95339->95121 95340->95086 95341->95136 95342->95100 95343->95136 95344->95136 95345->95124 95346->95124 95347->95124 95348->95124 95349->95124 95350->95124 95351->95116 95352->95136 95353->95122 95354->95123 95355->95132 95356->95136 95357->95329 95364 7baddd 95358->95364 95359 7badb6 95359->95124 95360 7cfddb 22 API calls 95360->95364 95361 7ba961 22 API calls 95361->95364 95362 7badcd 22 API calls 95362->95364 95364->95359 95364->95360 95364->95361 95364->95362 95365 7ba8c7 22 API calls __fread_nolock 95364->95365 95365->95364 95366->95161 95367->95161 95368->95157 95369->95157 95370->95157 95371->95157 95372->95160 95373->95157 95375 81df02 95374->95375 95376 81df19 95375->95376 95379 81df1f 95375->95379 95383 7d63b2 
GetStringTypeW _strftime 95375->95383 95384 7d62fb 39 API calls 95376->95384 95379->95169 95380->95169 95381->95169 95382->95169 95383->95375 95384->95379 95385 7b1098 95390 7b42de 95385->95390 95389 7b10a7 95391 7ba961 22 API calls 95390->95391 95392 7b42f5 GetVersionExW 95391->95392 95393 7b6b57 22 API calls 95392->95393 95394 7b4342 95393->95394 95395 7b93b2 22 API calls 95394->95395 95404 7b4378 95394->95404 95396 7b436c 95395->95396 95398 7b37a0 22 API calls 95396->95398 95397 7b441b GetCurrentProcess IsWow64Process 95399 7b4437 95397->95399 95398->95404 95400 7b444f LoadLibraryA 95399->95400 95401 7f3824 GetSystemInfo 95399->95401 95402 7b449c GetSystemInfo 95400->95402 95403 7b4460 GetProcAddress 95400->95403 95407 7b4476 95402->95407 95403->95402 95406 7b4470 GetNativeSystemInfo 95403->95406 95404->95397 95405 7f37df 95404->95405 95406->95407 95408 7b447a FreeLibrary 95407->95408 95409 7b109d 95407->95409 95408->95409 95410 7d00a3 29 API calls __onexit 95409->95410 95410->95389 95411 7bf7bf 95412 7bf7d3 95411->95412 95413 7bfcb6 95411->95413 95415 7bfcc2 95412->95415 95416 7cfddb 22 API calls 95412->95416 95448 7baceb 23 API calls messages 95413->95448 95449 7baceb 23 API calls messages 95415->95449 95418 7bf7e5 95416->95418 95418->95415 95419 7bfd3d 95418->95419 95420 7bf83e 95418->95420 95450 821155 22 API calls 95419->95450 95422 7c1310 185 API calls 95420->95422 95436 7bed9d messages 95420->95436 95428 7bec76 messages 95422->95428 95423 804beb 95456 82359c 82 API calls __wsopen_s 95423->95456 95424 7bfef7 95424->95436 95452 7ba8c7 22 API calls __fread_nolock 95424->95452 95426 7cfddb 22 API calls 95426->95428 95428->95423 95428->95424 95428->95426 95429 804b0b 95428->95429 95430 7bf3ae messages 95428->95430 95431 804600 95428->95431 95428->95436 95437 7ba8c7 22 API calls 95428->95437 95439 7bfbe3 95428->95439 95440 7ba961 22 API calls 95428->95440 95442 7d0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx 
EnterCriticalSection 95428->95442 95444 7d00a3 29 API calls pre_c_initialization 95428->95444 95445 7d01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95428->95445 95446 7c01e0 185 API calls 2 library calls 95428->95446 95447 7c06a0 41 API calls messages 95428->95447 95454 82359c 82 API calls __wsopen_s 95429->95454 95430->95436 95453 82359c 82 API calls __wsopen_s 95430->95453 95431->95436 95451 7ba8c7 22 API calls __fread_nolock 95431->95451 95437->95428 95439->95430 95439->95436 95441 804bdc 95439->95441 95440->95428 95455 82359c 82 API calls __wsopen_s 95441->95455 95442->95428 95444->95428 95445->95428 95446->95428 95447->95428 95448->95415 95449->95419 95450->95436 95451->95436 95452->95436 95453->95436 95454->95436 95455->95423 95456->95436 95457 7d03fb 95458 7d0407 ___DestructExceptionObject 95457->95458 95486 7cfeb1 95458->95486 95460 7d040e 95461 7d0561 95460->95461 95464 7d0438 95460->95464 95516 7d083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95461->95516 95463 7d0568 95509 7d4e52 95463->95509 95475 7d0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95464->95475 95497 7e247d 95464->95497 95471 7d0457 95473 7d04d8 95505 7d0959 95473->95505 95475->95473 95512 7d4e1a 38 API calls 3 library calls 95475->95512 95477 7d04de 95478 7d04f3 95477->95478 95513 7d0992 GetModuleHandleW 95478->95513 95480 7d04fa 95480->95463 95481 7d04fe 95480->95481 95482 7d0507 95481->95482 95514 7d4df5 28 API calls _abort 95481->95514 95515 7d0040 13 API calls 2 library calls 95482->95515 95485 7d050f 95485->95471 95487 7cfeba 95486->95487 95518 7d0698 IsProcessorFeaturePresent 95487->95518 95489 7cfec6 95519 7d2c94 10 API calls 3 library calls 95489->95519 95491 7cfecb 95492 7cfecf 95491->95492 95520 7e2317 95491->95520 95492->95460 95495 7cfee6 95495->95460 95498 7e2494 95497->95498 95499 7d0a8c 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95498->95499 95500 7d0451 95499->95500 95500->95471 95501 7e2421 95500->95501 95502 7e2450 95501->95502 95503 7d0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95502->95503 95504 7e2479 95503->95504 95504->95475 95595 7d2340 95505->95595 95508 7d097f 95508->95477 95597 7d4bcf 95509->95597 95512->95473 95513->95480 95514->95482 95515->95485 95516->95463 95518->95489 95519->95491 95524 7ed1f6 95520->95524 95523 7d2cbd 8 API calls 3 library calls 95523->95492 95527 7ed213 95524->95527 95528 7ed20f 95524->95528 95526 7cfed8 95526->95495 95526->95523 95527->95528 95530 7e4bfb 95527->95530 95542 7d0a8c 95528->95542 95531 7e4c07 ___DestructExceptionObject 95530->95531 95549 7e2f5e EnterCriticalSection 95531->95549 95533 7e4c0e 95550 7e50af 95533->95550 95535 7e4c1d 95536 7e4c2c 95535->95536 95563 7e4a8f 29 API calls 95535->95563 95565 7e4c48 LeaveCriticalSection _abort 95536->95565 95539 7e4c3d __fread_nolock 95539->95527 95540 7e4c27 95564 7e4b45 GetStdHandle GetFileType 95540->95564 95543 7d0a95 95542->95543 95544 7d0a97 IsProcessorFeaturePresent 95542->95544 95543->95526 95546 7d0c5d 95544->95546 95594 7d0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95546->95594 95548 7d0d40 95548->95526 95549->95533 95551 7e50bb ___DestructExceptionObject 95550->95551 95552 7e50df 95551->95552 95553 7e50c8 95551->95553 95566 7e2f5e EnterCriticalSection 95552->95566 95574 7df2d9 20 API calls __dosmaperr 95553->95574 95556 7e50cd 95575 7e27ec 26 API calls pre_c_initialization 95556->95575 95558 7e5117 95576 7e513e LeaveCriticalSection _abort 95558->95576 95559 7e50d7 __fread_nolock 95559->95535 95560 7e50eb 95560->95558 95567 7e5000 95560->95567 95563->95540 95564->95536 95565->95539 95566->95560 95577 7e4c7d 95567->95577 95569 
7e501f 95585 7e29c8 95569->95585 95571 7e5012 95571->95569 95584 7e3405 11 API calls 2 library calls 95571->95584 95572 7e5071 95572->95560 95574->95556 95575->95559 95576->95559 95583 7e4c8a pre_c_initialization 95577->95583 95578 7e4cca 95592 7df2d9 20 API calls __dosmaperr 95578->95592 95579 7e4cb5 RtlAllocateHeap 95581 7e4cc8 95579->95581 95579->95583 95581->95571 95583->95578 95583->95579 95591 7d4ead 7 API calls 2 library calls 95583->95591 95584->95571 95586 7e29d3 RtlFreeHeap 95585->95586 95587 7e29fc __dosmaperr 95585->95587 95586->95587 95588 7e29e8 95586->95588 95587->95572 95593 7df2d9 20 API calls __dosmaperr 95588->95593 95590 7e29ee GetLastError 95590->95587 95591->95583 95592->95581 95593->95590 95594->95548 95596 7d096c GetStartupInfoW 95595->95596 95596->95508 95598 7d4bdb FindHandler 95597->95598 95599 7d4bf4 95598->95599 95600 7d4be2 95598->95600 95621 7e2f5e EnterCriticalSection 95599->95621 95636 7d4d29 GetModuleHandleW 95600->95636 95603 7d4be7 95603->95599 95637 7d4d6d GetModuleHandleExW 95603->95637 95604 7d4c99 95625 7d4cd9 95604->95625 95607 7d4c70 95612 7d4c88 95607->95612 95616 7e2421 _abort 5 API calls 95607->95616 95610 7d4cb6 95628 7d4ce8 95610->95628 95611 7d4ce2 95645 7f1d29 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 95611->95645 95617 7e2421 _abort 5 API calls 95612->95617 95616->95612 95617->95604 95618 7d4bfb 95618->95604 95618->95607 95622 7e21a8 95618->95622 95621->95618 95646 7e1ee1 95622->95646 95665 7e2fa6 LeaveCriticalSection 95625->95665 95627 7d4cb2 95627->95610 95627->95611 95666 7e360c 95628->95666 95631 7d4d16 95634 7d4d6d _abort 8 API calls 95631->95634 95632 7d4cf6 GetPEB 95632->95631 95633 7d4d06 GetCurrentProcess TerminateProcess 95632->95633 95633->95631 95635 7d4d1e ExitProcess 95634->95635 95636->95603 95638 7d4dba 95637->95638 95639 7d4d97 GetProcAddress 95637->95639 95640 7d4dc9 95638->95640 95641 7d4dc0 FreeLibrary 
95638->95641 95643 7d4dac 95639->95643 95642 7d0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95640->95642 95641->95640 95644 7d4bf3 95642->95644 95643->95638 95644->95599 95649 7e1e90 95646->95649 95648 7e1f05 95648->95607 95650 7e1e9c ___DestructExceptionObject 95649->95650 95657 7e2f5e EnterCriticalSection 95650->95657 95652 7e1eaa 95658 7e1f31 95652->95658 95656 7e1ec8 __fread_nolock 95656->95648 95657->95652 95659 7e1f59 95658->95659 95660 7e1f51 95658->95660 95659->95660 95663 7e29c8 _free 20 API calls 95659->95663 95661 7d0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95660->95661 95662 7e1eb7 95661->95662 95664 7e1ed5 LeaveCriticalSection _abort 95662->95664 95663->95660 95664->95656 95665->95627 95667 7e3627 95666->95667 95668 7e3631 95666->95668 95670 7d0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 95667->95670 95673 7e2fd7 5 API calls 2 library calls 95668->95673 95672 7d4cf2 95670->95672 95671 7e3648 95671->95667 95672->95631 95672->95632 95673->95671 95674 7b1033 95679 7b4c91 95674->95679 95678 7b1042 95680 7ba961 22 API calls 95679->95680 95681 7b4cff 95680->95681 95687 7b3af0 95681->95687 95683 7b4d9c 95685 7b1038 95683->95685 95690 7b51f7 22 API calls __fread_nolock 95683->95690 95686 7d00a3 29 API calls __onexit 95685->95686 95686->95678 95691 7b3b1c 95687->95691 95690->95683 95692 7b3b0f 95691->95692 95693 7b3b29 95691->95693 95692->95683 95693->95692 95694 7b3b30 RegOpenKeyExW 95693->95694 95694->95692 95695 7b3b4a RegQueryValueExW 95694->95695 95696 7b3b6b 95695->95696 95697 7b3b80 RegCloseKey 95695->95697 95696->95697 95697->95692 95698 7b2e37 95699 7ba961 22 API calls 95698->95699 95700 7b2e4d 95699->95700 95777 7b4ae3 95700->95777 95702 7b2e6b 95703 7b3a5a 24 API calls 95702->95703 
95704 7b2e7f 95703->95704 95705 7b9cb3 22 API calls 95704->95705 95706 7b2e8c 95705->95706 95791 7b4ecb 95706->95791 95709 7b2ead 95813 7ba8c7 22 API calls __fread_nolock 95709->95813 95710 7f2cb0 95831 822cf9 95710->95831 95712 7f2cc3 95713 7f2ccf 95712->95713 95857 7b4f39 95712->95857 95719 7b4f39 68 API calls 95713->95719 95716 7b2ec3 95814 7b6f88 22 API calls 95716->95814 95718 7b2ecf 95720 7b9cb3 22 API calls 95718->95720 95721 7f2ce5 95719->95721 95722 7b2edc 95720->95722 95863 7b3084 22 API calls 95721->95863 95815 7ba81b 41 API calls 95722->95815 95724 7b2eec 95727 7b9cb3 22 API calls 95724->95727 95726 7f2d02 95864 7b3084 22 API calls 95726->95864 95729 7b2f12 95727->95729 95816 7ba81b 41 API calls 95729->95816 95730 7f2d1e 95732 7b3a5a 24 API calls 95730->95732 95734 7f2d44 95732->95734 95733 7b2f21 95737 7ba961 22 API calls 95733->95737 95865 7b3084 22 API calls 95734->95865 95736 7f2d50 95866 7ba8c7 22 API calls __fread_nolock 95736->95866 95738 7b2f3f 95737->95738 95817 7b3084 22 API calls 95738->95817 95741 7f2d5e 95867 7b3084 22 API calls 95741->95867 95742 7b2f4b 95818 7d4a28 40 API calls 3 library calls 95742->95818 95745 7f2d6d 95868 7ba8c7 22 API calls __fread_nolock 95745->95868 95746 7b2f59 95746->95721 95747 7b2f63 95746->95747 95819 7d4a28 40 API calls 3 library calls 95747->95819 95750 7f2d83 95869 7b3084 22 API calls 95750->95869 95751 7b2f6e 95751->95726 95753 7b2f78 95751->95753 95820 7d4a28 40 API calls 3 library calls 95753->95820 95754 7f2d90 95756 7b2f83 95756->95730 95757 7b2f8d 95756->95757 95821 7d4a28 40 API calls 3 library calls 95757->95821 95759 7b2f98 95760 7b2fdc 95759->95760 95822 7b3084 22 API calls 95759->95822 95760->95745 95761 7b2fe8 95760->95761 95761->95754 95825 7b63eb 22 API calls 95761->95825 95763 7b2fbf 95823 7ba8c7 22 API calls __fread_nolock 95763->95823 95766 7b2ff8 95826 7b6a50 22 API calls 95766->95826 95767 7b2fcd 95824 7b3084 22 API calls 95767->95824 95770 7b3006 95827 7b70b0 23 API calls 95770->95827 
95774 7b3021 95775 7b3065 95774->95775 95828 7b6f88 22 API calls 95774->95828 95829 7b70b0 23 API calls 95774->95829 95830 7b3084 22 API calls 95774->95830 95778 7b4af0 __wsopen_s 95777->95778 95779 7b6b57 22 API calls 95778->95779 95780 7b4b22 95778->95780 95779->95780 95786 7b4b58 95780->95786 95870 7b4c6d 95780->95870 95782 7b4c29 95783 7b9cb3 22 API calls 95782->95783 95790 7b4c5e 95782->95790 95785 7b4c52 95783->95785 95784 7b9cb3 22 API calls 95784->95786 95787 7b515f 22 API calls 95785->95787 95786->95782 95786->95784 95788 7b4c6d 22 API calls 95786->95788 95789 7b515f 22 API calls 95786->95789 95787->95790 95788->95786 95789->95786 95790->95702 95873 7b4e90 LoadLibraryA 95791->95873 95796 7f3ccf 95798 7b4f39 68 API calls 95796->95798 95797 7b4ef6 LoadLibraryExW 95881 7b4e59 LoadLibraryA 95797->95881 95800 7f3cd6 95798->95800 95802 7b4e59 3 API calls 95800->95802 95804 7f3cde 95802->95804 95903 7b50f5 95804->95903 95805 7b4f20 95805->95804 95806 7b4f2c 95805->95806 95808 7b4f39 68 API calls 95806->95808 95810 7b2ea5 95808->95810 95810->95709 95810->95710 95812 7f3d05 95813->95716 95814->95718 95815->95724 95816->95733 95817->95742 95818->95746 95819->95751 95820->95756 95821->95759 95822->95763 95823->95767 95824->95760 95825->95766 95826->95770 95827->95774 95828->95774 95829->95774 95830->95774 95832 822d15 95831->95832 95833 7b511f 64 API calls 95832->95833 95834 822d29 95833->95834 96034 822e66 95834->96034 95837 822d3f 95837->95712 95838 7b50f5 40 API calls 95839 822d56 95838->95839 95840 7b50f5 40 API calls 95839->95840 95841 822d66 95840->95841 95842 7b50f5 40 API calls 95841->95842 95843 822d81 95842->95843 95844 7b50f5 40 API calls 95843->95844 95845 822d9c 95844->95845 95846 7b511f 64 API calls 95845->95846 95847 822db3 95846->95847 95848 7dea0c ___std_exception_copy 21 API calls 95847->95848 95849 822dba 95848->95849 95850 7dea0c ___std_exception_copy 21 API calls 95849->95850 95851 822dc4 95850->95851 95852 7b50f5 40 API calls 95851->95852 95853 
822dd8 95852->95853 95854 8228fe 27 API calls 95853->95854 95855 822dee 95854->95855 95855->95837 96040 8222ce 79 API calls 95855->96040 95858 7b4f43 95857->95858 95860 7b4f4a 95857->95860 96041 7de678 95858->96041 95861 7b4f6a FreeLibrary 95860->95861 95862 7b4f59 95860->95862 95861->95862 95862->95713 95863->95726 95864->95730 95865->95736 95866->95741 95867->95745 95868->95750 95869->95754 95871 7baec9 22 API calls 95870->95871 95872 7b4c78 95871->95872 95872->95780 95874 7b4ea8 GetProcAddress 95873->95874 95875 7b4ec6 95873->95875 95876 7b4eb8 95874->95876 95878 7de5eb 95875->95878 95876->95875 95877 7b4ebf FreeLibrary 95876->95877 95877->95875 95911 7de52a 95878->95911 95880 7b4eea 95880->95796 95880->95797 95882 7b4e6e GetProcAddress 95881->95882 95883 7b4e8d 95881->95883 95884 7b4e7e 95882->95884 95886 7b4f80 95883->95886 95884->95883 95885 7b4e86 FreeLibrary 95884->95885 95885->95883 95887 7cfe0b 22 API calls 95886->95887 95888 7b4f95 95887->95888 95889 7b5722 22 API calls 95888->95889 95890 7b4fa1 __fread_nolock 95889->95890 95891 7f3d1d 95890->95891 95892 7b50a5 95890->95892 95902 7b4fdc 95890->95902 95974 82304d 74 API calls 95891->95974 95963 7b42a2 CreateStreamOnHGlobal 95892->95963 95895 7f3d22 95897 7b511f 64 API calls 95895->95897 95896 7b50f5 40 API calls 95896->95902 95898 7f3d45 95897->95898 95899 7b50f5 40 API calls 95898->95899 95901 7b506e messages 95899->95901 95901->95805 95902->95895 95902->95896 95902->95901 95969 7b511f 95902->95969 95904 7b5107 95903->95904 95907 7f3d70 95903->95907 95996 7de8c4 95904->95996 95908 8228fe 96017 82274e 95908->96017 95910 822919 95910->95812 95912 7de536 ___DestructExceptionObject 95911->95912 95913 7de544 95912->95913 95916 7de574 95912->95916 95936 7df2d9 20 API calls __dosmaperr 95913->95936 95915 7de549 95937 7e27ec 26 API calls pre_c_initialization 95915->95937 95918 7de579 95916->95918 95919 7de586 95916->95919 95938 7df2d9 20 API calls __dosmaperr 95918->95938 95928 7e8061 95919->95928 95922 7de58f 
95923 7de595 95922->95923 95924 7de5a2 95922->95924 95939 7df2d9 20 API calls __dosmaperr 95923->95939 95940 7de5d4 LeaveCriticalSection __fread_nolock 95924->95940 95926 7de554 __fread_nolock 95926->95880 95929 7e806d ___DestructExceptionObject 95928->95929 95941 7e2f5e EnterCriticalSection 95929->95941 95931 7e807b 95942 7e80fb 95931->95942 95935 7e80ac __fread_nolock 95935->95922 95936->95915 95937->95926 95938->95926 95939->95926 95940->95926 95941->95931 95945 7e811e 95942->95945 95943 7e8177 95944 7e4c7d pre_c_initialization 20 API calls 95943->95944 95946 7e8180 95944->95946 95945->95943 95951 7e8088 95945->95951 95958 7d918d EnterCriticalSection 95945->95958 95959 7d91a1 LeaveCriticalSection 95945->95959 95948 7e29c8 _free 20 API calls 95946->95948 95949 7e8189 95948->95949 95949->95951 95960 7e3405 11 API calls 2 library calls 95949->95960 95955 7e80b7 95951->95955 95952 7e81a8 95961 7d918d EnterCriticalSection 95952->95961 95962 7e2fa6 LeaveCriticalSection 95955->95962 95957 7e80be 95957->95935 95958->95945 95959->95945 95960->95952 95961->95951 95962->95957 95964 7b42bc FindResourceExW 95963->95964 95968 7b42d9 95963->95968 95965 7f35ba LoadResource 95964->95965 95964->95968 95966 7f35cf SizeofResource 95965->95966 95965->95968 95967 7f35e3 LockResource 95966->95967 95966->95968 95967->95968 95968->95902 95970 7b512e 95969->95970 95971 7f3d90 95969->95971 95975 7dece3 95970->95975 95974->95895 95978 7deaaa 95975->95978 95977 7b513c 95977->95902 95981 7deab6 ___DestructExceptionObject 95978->95981 95979 7deac2 95991 7df2d9 20 API calls __dosmaperr 95979->95991 95981->95979 95982 7deae8 95981->95982 95993 7d918d EnterCriticalSection 95982->95993 95984 7deac7 95992 7e27ec 26 API calls pre_c_initialization 95984->95992 95985 7deaf4 95994 7dec0a 62 API calls 2 library calls 95985->95994 95988 7deb08 95995 7deb27 LeaveCriticalSection __fread_nolock 95988->95995 95990 7dead2 __fread_nolock 95990->95977 95991->95984 95992->95990 95993->95985 95994->95988 
95995->95990 95999 7de8e1 95996->95999 95998 7b5118 95998->95908 96000 7de8ed ___DestructExceptionObject 95999->96000 96001 7de92d 96000->96001 96002 7de900 ___scrt_fastfail 96000->96002 96003 7de925 __fread_nolock 96000->96003 96014 7d918d EnterCriticalSection 96001->96014 96012 7df2d9 20 API calls __dosmaperr 96002->96012 96003->95998 96006 7de937 96015 7de6f8 38 API calls 4 library calls 96006->96015 96008 7de91a 96013 7e27ec 26 API calls pre_c_initialization 96008->96013 96009 7de94e 96016 7de96c LeaveCriticalSection __fread_nolock 96009->96016 96012->96008 96013->96003 96014->96006 96015->96009 96016->96003 96020 7de4e8 96017->96020 96019 82275d 96019->95910 96023 7de469 96020->96023 96022 7de505 96022->96019 96024 7de48c 96023->96024 96025 7de478 96023->96025 96029 7de488 __alldvrm 96024->96029 96033 7e333f 11 API calls 2 library calls 96024->96033 96031 7df2d9 20 API calls __dosmaperr 96025->96031 96028 7de47d 96032 7e27ec 26 API calls pre_c_initialization 96028->96032 96029->96022 96031->96028 96032->96029 96033->96029 96035 822e7a 96034->96035 96036 7b50f5 40 API calls 96035->96036 96037 822d3b 96035->96037 96038 8228fe 27 API calls 96035->96038 96039 7b511f 64 API calls 96035->96039 96036->96035 96037->95837 96037->95838 96038->96035 96039->96035 96040->95837 96042 7de684 ___DestructExceptionObject 96041->96042 96043 7de6aa 96042->96043 96044 7de695 96042->96044 96045 7de6a5 __fread_nolock 96043->96045 96054 7d918d EnterCriticalSection 96043->96054 96071 7df2d9 20 API calls __dosmaperr 96044->96071 96045->95860 96048 7de69a 96072 7e27ec 26 API calls pre_c_initialization 96048->96072 96049 7de6c6 96055 7de602 96049->96055 96052 7de6d1 96073 7de6ee LeaveCriticalSection __fread_nolock 96052->96073 96054->96049 96056 7de60f 96055->96056 96058 7de624 96055->96058 96106 7df2d9 20 API calls __dosmaperr 96056->96106 96063 7de61f 96058->96063 96074 7ddc0b 96058->96074 96059 7de614 96107 7e27ec 26 API calls pre_c_initialization 96059->96107 96063->96052 96067 
7de646 96091 7e862f 96067->96091 96070 7e29c8 _free 20 API calls 96070->96063 96071->96048 96072->96045 96073->96045 96075 7ddc23 96074->96075 96079 7ddc1f 96074->96079 96076 7dd955 __fread_nolock 26 API calls 96075->96076 96075->96079 96077 7ddc43 96076->96077 96108 7e59be 62 API calls 5 library calls 96077->96108 96080 7e4d7a 96079->96080 96081 7de640 96080->96081 96082 7e4d90 96080->96082 96084 7dd955 96081->96084 96082->96081 96083 7e29c8 _free 20 API calls 96082->96083 96083->96081 96085 7dd976 96084->96085 96086 7dd961 96084->96086 96085->96067 96109 7df2d9 20 API calls __dosmaperr 96086->96109 96088 7dd966 96110 7e27ec 26 API calls pre_c_initialization 96088->96110 96090 7dd971 96090->96067 96092 7e863e 96091->96092 96093 7e8653 96091->96093 96114 7df2c6 20 API calls __dosmaperr 96092->96114 96095 7e868e 96093->96095 96100 7e867a 96093->96100 96116 7df2c6 20 API calls __dosmaperr 96095->96116 96096 7e8643 96115 7df2d9 20 API calls __dosmaperr 96096->96115 96098 7e8693 96117 7df2d9 20 API calls __dosmaperr 96098->96117 96111 7e8607 96100->96111 96103 7e869b 96118 7e27ec 26 API calls pre_c_initialization 96103->96118 96104 7de64c 96104->96063 96104->96070 96106->96059 96107->96063 96108->96079 96109->96088 96110->96090 96119 7e8585 96111->96119 96113 7e862b 96113->96104 96114->96096 96115->96104 96116->96098 96117->96103 96118->96104 96120 7e8591 ___DestructExceptionObject 96119->96120 96130 7e5147 EnterCriticalSection 96120->96130 96122 7e859f 96123 7e85c6 96122->96123 96124 7e85d1 96122->96124 96131 7e86ae 96123->96131 96146 7df2d9 20 API calls __dosmaperr 96124->96146 96127 7e85cc 96147 7e85fb LeaveCriticalSection __wsopen_s 96127->96147 96129 7e85ee __fread_nolock 96129->96113 96130->96122 96148 7e53c4 96131->96148 96133 7e86c4 96161 7e5333 21 API calls 2 library calls 96133->96161 96134 7e86be 96134->96133 96136 7e86f6 96134->96136 96139 7e53c4 __wsopen_s 26 API calls 96134->96139 96136->96133 96137 7e53c4 __wsopen_s 26 API calls 96136->96137 96140 7e8702 

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetVersionExW.KERNEL32(?), ref: 007B430D
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                            • GetCurrentProcess.KERNEL32(?,0084CB64,00000000,?,?), ref: 007B4422
                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 007B4429
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 007B4454
                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007B4466
                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 007B4474
                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 007B447B
                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 007B44A0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                            • API String ID: 3290436268-3101561225
                                                                            • Opcode ID: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
                                                                            • Instruction ID: 61ec2583f1aaf40ba2d2d5b8f74cc5127ade140d97c6b80256baa2f274d974ae
                                                                            • Opcode Fuzzy Hash: 31c10f58583c204bf89f278d7d2773f985706a9e11b57451ca549c14679100e9
                                                                            • Instruction Fuzzy Hash: A7A1737690A2C4DFCF12D76D7C8D6E67FAC7B26740B184899D18193B23DE6C460ACB21

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42B2
                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007B50AA,?,?,00000000,00000000), ref: 007B42C9
                                                                            • LoadResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35BE
                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20), ref: 007F35D3
                                                                            • LockResource.KERNEL32(007B50AA,?,?,007B50AA,?,?,00000000,00000000,?,?,?,?,?,?,007B4F20,?), ref: 007F35E6
                                                                            Similarity
                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                            • String ID: SCRIPT
                                                                            • API String ID: 3051347437-3967369404
                                                                            • Opcode ID: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
                                                                            • Instruction ID: 9dc274f03fe5e6c1ad48d25770722103672931bd6b9fee83b357adfcf5360853
                                                                            • Opcode Fuzzy Hash: cf4bbba20324b258387833fd08b62981aea744ae5bb7e1d5baaf0f0c933de58b
                                                                            • Instruction Fuzzy Hash: 41117C75201700BFEB218FA5DC49FA77BBDFBC6B51F104169B412D6260DBB1D800D620

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B
                                                                              • Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00872224), ref: 007F2C10
                                                                            • ShellExecuteW.SHELL32(00000000,?,?,00872224), ref: 007F2C17
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                            • String ID: runas
                                                                            • API String ID: 448630720-4000483414
                                                                            • Opcode ID: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
                                                                            • Instruction ID: 7ac80b73e449079be8b94949505e84ee727149f2b9ca01b8cbae699e9eb4802c
                                                                            • Opcode Fuzzy Hash: 2694e82f5ba4045dbc9d9f64798f5717c707d6bab01aa909cc4224f7c2f580bd
                                                                            • Instruction Fuzzy Hash: 1611D571209305EAC704FF60D859BEEBBA9AB91700F44042DF256431A3DF2C898AC712

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0081D52F
                                                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 0081D5DC
                                                                            Similarity
                                                                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                            • String ID:
                                                                            • API String ID: 3243318325-0
                                                                            • Opcode ID: a1ccf2014cc592bab459987a593b026a3ea143ba6fd07ef37e8f8eeb29746ffd
                                                                            • Instruction ID: 3aeea90104eb74051dd1f5db9c70921e7c62b55fc94638c7c2f57f4c9a66b9a1
                                                                            • Opcode Fuzzy Hash: a1ccf2014cc592bab459987a593b026a3ea143ba6fd07ef37e8f8eeb29746ffd
                                                                            • Instruction Fuzzy Hash: B1314D711083009FD301EF54C889BEABBE9FF99354F14092DF685861A1EB719985CB92

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,007F5222), ref: 0081DBCE
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 0081DBDD
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0081DBEE
                                                                            • FindClose.KERNEL32(00000000), ref: 0081DBFA
                                                                            Similarity
                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                            • String ID:
                                                                            • API String ID: 2695905019-0
                                                                            • Opcode ID: 3d48c97496f11d05d3582c45ee4bc749237b0d9ad5c021e5b7f5f790f585a59f
                                                                            • Instruction ID: 36c2b104dfb7976c156c182724837bb5210a72e3bfd13ab95c398a7b0f847fa2
                                                                            • Opcode Fuzzy Hash: 3d48c97496f11d05d3582c45ee4bc749237b0d9ad5c021e5b7f5f790f585a59f
                                                                            • Instruction Fuzzy Hash: BAF0A038811A245782206B78AC0D9EA376CFF02334B104B02F936C22E0FBF05994C6D5
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D09
                                                                            • TerminateProcess.KERNEL32(00000000,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000,?,007E28E9), ref: 007D4D10
                                                                            • ExitProcess.KERNEL32 ref: 007D4D22
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$CurrentExitTerminate
                                                                            • String ID:
                                                                            • API String ID: 1703294689-0
                                                                            • Opcode ID: dce429a0df2e16f58f25ba3119464e8b76d42070d0f0f1a3e67919aedbaa87bb
                                                                            • Instruction ID: a2c2ab1ec915e69465f933999e2f24e945c0cb0d0ed57f2f6f8fe7142d9bc3c6
                                                                            • Opcode Fuzzy Hash: dce429a0df2e16f58f25ba3119464e8b76d42070d0f0f1a3e67919aedbaa87bb
                                                                            • Instruction Fuzzy Hash: 8CE0B635101588ABCF61AF64DD0DA583B7EFB46785B144015FD058B222CB39DD42CA90
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Sleep$InputStateTimetime
                                                                            • String ID:
                                                                            • API String ID: 2764417729-0
                                                                            • Opcode ID: 58bf6a96e75a9165dc85c8be1797783ea78fc11a0ea763f8a4b1db3aab8fa4d0
                                                                            • Instruction ID: 4125d85a3dc46137871eff63ddfb2b394bf8149a8ea515fa9fc83bf85e5de62c
                                                                            • Opcode Fuzzy Hash: 58bf6a96e75a9165dc85c8be1797783ea78fc11a0ea763f8a4b1db3aab8fa4d0
                                                                            • Instruction Fuzzy Hash: 6342F170608241DFDB78CF28C898BAABBA5FF45314F14855DE456C7291EBB8EC44CB92

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 007B2D07
                                                                            • RegisterClassExW.USER32(00000030), ref: 007B2D31
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
                                                                            • LoadIconW.USER32(000000A9), ref: 007B2D85
                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                            • API String ID: 2914291525-1005189915
                                                                            • Opcode ID: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
                                                                            • Instruction ID: 8879d03ee50ffe2237a71d7ec4411db2416d1c514cb5eaa59a6f2174bf05b97b
                                                                            • Opcode Fuzzy Hash: 5c9c7066c3ee1da42398b0de6f60ee8415a81a220b1ad89d780fe10640f7be95
                                                                            • Instruction Fuzzy Hash: F421BFB5912318AFDF40DFA8EC89BDDBFB8FB09700F00811AE611A62A0DBB55545CF91

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 007F039A: CreateFileW.KERNEL32(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7
                                                                            • GetLastError.KERNEL32 ref: 007F076F
                                                                            • __dosmaperr.LIBCMT ref: 007F0776
                                                                            • GetFileType.KERNEL32(00000000), ref: 007F0782
                                                                            • GetLastError.KERNEL32 ref: 007F078C
                                                                            • __dosmaperr.LIBCMT ref: 007F0795
                                                                            • CloseHandle.KERNEL32(00000000), ref: 007F07B5
                                                                            • CloseHandle.KERNEL32(?), ref: 007F08FF
                                                                            • GetLastError.KERNEL32 ref: 007F0931
                                                                            • __dosmaperr.LIBCMT ref: 007F0938
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                            • String ID: H
                                                                            • API String ID: 4237864984-2852464175
                                                                            • Opcode ID: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
                                                                            • Instruction ID: 8a588d23177dece8688b7e48c3c2da8e2802d26e9bc10e0f19c3715b25a87639
                                                                            • Opcode Fuzzy Hash: d4680d2a229a141b0ed13f6f578cfc159a766640b16e3c78f19a6708fe1e7274
                                                                            • Instruction Fuzzy Hash: 00A12136A001088FDF19EF68D855BBE7BA0AB06320F14419EF9159F3D2DB399912CB91

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 007B3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00881418,?,007B2E7F,?,?,?,00000000), ref: 007B3A78
                                                                              • Part of subcall function 007B3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 007B3379
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007B356A
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007F318D
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007F31CE
                                                                            • RegCloseKey.ADVAPI32(?), ref: 007F3210
                                                                            • _wcslen.LIBCMT ref: 007F3277
                                                                            • _wcslen.LIBCMT ref: 007F3286
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                            • API String ID: 98802146-2727554177
                                                                            • Opcode ID: 9a636b756947fba5c2e75dd64258a8ce1ba7e49f0183d785d84f2727e2b5991d
                                                                            • Instruction ID: 1236ad3a734e0ee10517d16f7ea4996bb8f5b3dd570e88656f6d5a9256f23afd
                                                                            • Opcode Fuzzy Hash: 9a636b756947fba5c2e75dd64258a8ce1ba7e49f0183d785d84f2727e2b5991d
                                                                            • Instruction Fuzzy Hash: FD716A71405305EEC314EF69EC95AABBBE8FF85740B40042EF655C3271EB389A48CB62

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 007B2B8E
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 007B2B9D
                                                                            • LoadIconW.USER32(00000063), ref: 007B2BB3
                                                                            • LoadIconW.USER32(000000A4), ref: 007B2BC5
                                                                            • LoadIconW.USER32(000000A2), ref: 007B2BD7
                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007B2BEF
                                                                            • RegisterClassExW.USER32(?), ref: 007B2C40
                                                                              • Part of subcall function 007B2CD4: GetSysColorBrush.USER32(0000000F), ref: 007B2D07
                                                                              • Part of subcall function 007B2CD4: RegisterClassExW.USER32(00000030), ref: 007B2D31
                                                                              • Part of subcall function 007B2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007B2D42
                                                                              • Part of subcall function 007B2CD4: InitCommonControlsEx.COMCTL32(?), ref: 007B2D5F
                                                                              • Part of subcall function 007B2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007B2D6F
                                                                              • Part of subcall function 007B2CD4: LoadIconW.USER32(000000A9), ref: 007B2D85
                                                                              • Part of subcall function 007B2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007B2D94
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                            • String ID: #$0$AutoIt v3
                                                                            • API String ID: 423443420-4155596026
                                                                            • Opcode ID: d36d145775cf70a54cd6a93cdd3c0554e2b37fddffb127c3d916665bce99116b
                                                                            • Instruction ID: e1a53c659e09ba698b868a48229e5b1025f05cc04d19d0575434c9adc7912632
                                                                            • Opcode Fuzzy Hash: d36d145775cf70a54cd6a93cdd3c0554e2b37fddffb127c3d916665bce99116b
                                                                            • Instruction Fuzzy Hash: 03211874E01318ABDF109FA9EC59BA97FB8FB48B50F00402AE600A67A0DBB90541CF90

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,007B316A,?,?), ref: 007B31D8
                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,007B316A,?,?), ref: 007B3204
                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007B3227
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,007B316A,?,?), ref: 007B3232
                                                                            • CreatePopupMenu.USER32 ref: 007B3246
                                                                            • PostQuitMessage.USER32(00000000), ref: 007B3267
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                            • String ID: TaskbarCreated
                                                                            • API String ID: 129472671-2362178303
                                                                            • Opcode ID: a1a4c71ee0722f567cd34752e52bdb26851a2a3aa3aa1d5a377b66494ff70a89
                                                                            • Instruction ID: 5be5e475e4282f107cdbd0c368ab8e9007d225c3a477824adee4ca5d5b6b3240
                                                                            • Opcode Fuzzy Hash: a1a4c71ee0722f567cd34752e52bdb26851a2a3aa3aa1d5a377b66494ff70a89
                                                                            • Instruction Fuzzy Hash: C541DF3524060CABDF146BACDC1EBF93A5DFB06340F040125FA02C62A2DF7D9E8297A1

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007B1459
                                                                            • OleUninitialize.OLE32(?,00000000), ref: 007B14F8
                                                                            • UnregisterHotKey.USER32(?), ref: 007B16DD
                                                                            • DestroyWindow.USER32(?), ref: 007F24B9
                                                                            • FreeLibrary.KERNEL32(?), ref: 007F251E
                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 007F254B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                            • String ID: close all
                                                                            • API String ID: 469580280-3243417748
                                                                            • Opcode ID: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
                                                                            • Instruction ID: cc7d8b2197844ac0e58605ec304b2ea3c3872b41510639b8d0aa08ce5ba6b43c
                                                                            • Opcode Fuzzy Hash: 127190c25ec09b04c43add0718a6203979f3e6f4831d690662f3734253f1fce6
                                                                            • Instruction Fuzzy Hash: C8D15E31702212DFCB29DF14C4A9B69F7A5BF05700F9441ADE54AAB352DB38AD22CF51

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 653 7b2c63-7b2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                            APIs
                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007B2C91
                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007B2CB2
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CC6
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,007B1CAD,?), ref: 007B2CCF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CreateShow
                                                                            • String ID: AutoIt v3$edit
                                                                            • API String ID: 1584632944-3779509399
                                                                            • Opcode ID: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
                                                                            • Instruction ID: 60fda538a2e8d333e4d7b47389421d17f7ca04c3680a8707d71cbaa5833db533
                                                                            • Opcode Fuzzy Hash: f8a239ab4a8b37928b49ee257c92cae3bc18d85d01d30a449f6b0c38a79a9260
                                                                            • Instruction Fuzzy Hash: 43F0DA755413947AEB71171BAC0CEB72EBDF7C7F50B00005AF900A26A0CA791852DBB0

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            APIs
                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 0083AEA3
                                                                              • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                            • GetProcessId.KERNEL32(00000000), ref: 0083AF38
                                                                            • CloseHandle.KERNEL32(00000000), ref: 0083AF67
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                            • String ID: <$@
                                                                            • API String ID: 146682121-1426351568
                                                                            • Opcode ID: a1e8e54d99908530fd31c87e4971018f6bd14dc05f2c7eeb71df1fd777beea8e
                                                                            • Instruction ID: 0e93e18584d8fd4e031ba74f8871918c6b0a72136bb4e8682d7f72f6ddc2bcfa
                                                                            • Opcode Fuzzy Hash: a1e8e54d99908530fd31c87e4971018f6bd14dc05f2c7eeb71df1fd777beea8e
                                                                            • Instruction Fuzzy Hash: 87718A75A00619DFCB18DF54C489A9EBBF4FF48314F048499E856AB3A2CB78ED41CB91

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B40
                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B61
                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,007B3B0F,SwapMouseButtons,00000004,?), ref: 007B3B83
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseOpenQueryValue
                                                                            • String ID: Control Panel\Mouse
                                                                            • API String ID: 3677997916-824357125
                                                                            • Opcode ID: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
                                                                            • Instruction ID: 9d38b0f5344b554f51f5e0ab528a7cd7a5a17e3e46a56bf46c7cab4f0add6402
                                                                            • Opcode Fuzzy Hash: aaec3f81ff09898a84b9ad4fe0d4ea5fcafb8922b79fe6c25e47f39e2e0a5db9
                                                                            • Instruction Fuzzy Hash: 63112AB5511208FFDB208FA5DC44AEFB7BCEF05744B104559A805D7114E6359E809760
                                                                            APIs
                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007F33A2
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B3A04
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                            • String ID: Line:
                                                                            • API String ID: 2289894680-1585850449
                                                                            • Opcode ID: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
                                                                            • Instruction ID: c2d9a5d3c2a3724d77f4dce91b8d5b7178161273fced04ebf02d287a016a00d4
                                                                            • Opcode Fuzzy Hash: b219c1129509365c63f19b04f35ea8d8f7d2bb6dbb4f070d5462fa94264963ec
                                                                            • Instruction Fuzzy Hash: 8831A571408304AAD725EB14DC49BEBB7ECBF40714F10451AF59993291EF7CAA89C7C2
                                                                            APIs
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 007D0668
                                                                              • Part of subcall function 007D32A4: RaiseException.KERNEL32(?,?,?,007D068A,?,00881444,?,?,?,?,?,?,007D068A,007B1129,00878738,007B1129), ref: 007D3304
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 007D0685
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                            • String ID: Unknown exception
                                                                            • API String ID: 3476068407-410509341
                                                                            • Opcode ID: bc7dba0eeb95dc407f5bdab15e14ea8cd8c98c0559cdaf7c6b0210ee62885b69
                                                                            • Instruction ID: 2ba0eed18da7c6e991da94069f5c0a75968269e1c7b7ba0a096af79c6d66e1cc
                                                                            • Opcode Fuzzy Hash: bc7dba0eeb95dc407f5bdab15e14ea8cd8c98c0559cdaf7c6b0210ee62885b69
                                                                            • Instruction Fuzzy Hash: 27F0F42490020DF38B04B664E84EE5D777CAE00350B60803AB929D6795EF38EA2585C0
                                                                            APIs
                                                                              • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
                                                                              • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
                                                                              • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
                                                                              • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
                                                                              • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
                                                                              • Part of subcall function 007B1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22
                                                                              • Part of subcall function 007B1B4A: RegisterWindowMessageW.USER32(00000004,?,007B12C4), ref: 007B1BA2
                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007B136A
                                                                            • OleInitialize.OLE32 ref: 007B1388
                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 007F24AB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                            • String ID:
                                                                            • API String ID: 1986988660-0
                                                                            • Opcode ID: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
                                                                            • Instruction ID: 2a8378fe63216dd94af72982eb9a9d8d69743d40b6effe0dad25e46b102256fe
                                                                            • Opcode Fuzzy Hash: c0dae7988f3bfd3e9336ec9da35489214642f4a51d118ac9ff2bba423e50abd2
                                                                            • Instruction Fuzzy Hash: 1871A7B49122009ECB84EFBDE95EA953AEDFB88344794823AD10AC7262EF344447CF45
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,007E85CC,?,00878CC8,0000000C), ref: 007E8704
                                                                            • GetLastError.KERNEL32(?,007E85CC,?,00878CC8,0000000C), ref: 007E870E
                                                                            • __dosmaperr.LIBCMT ref: 007E8739
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                            • String ID:
                                                                            • API String ID: 490808831-0
                                                                            • Opcode ID: f5644c105a932bab965377306b92cbbe992053e6d738618300ba1049150bd1f2
                                                                            • Instruction ID: 35639846571ea60e7556ceb2e599b3bc1fa38c7882d36c369d90a3c6c1a8ddcb
                                                                            • Opcode Fuzzy Hash: f5644c105a932bab965377306b92cbbe992053e6d738618300ba1049150bd1f2
                                                                            • Instruction Fuzzy Hash: 61018E326072E056C2E06376694977E67494B8E77CF390119F81C8B1D3DEACCC81C252
                                                                            APIs
                                                                            • __Init_thread_footer.LIBCMT ref: 007C17F6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Init_thread_footer
                                                                            • String ID: CALL
                                                                            • API String ID: 1385522511-4196123274
                                                                            APIs
                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 007F2C8C
                                                                              • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                              • Part of subcall function 007B2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 007B2DC4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                            • String ID: X
                                                                            • API String ID: 779396738-3081909835
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                              • Part of subcall function 007B4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
                                                                              • Part of subcall function 007B4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
                                                                              • Part of subcall function 007B4E90: FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EFD
                                                                              • Part of subcall function 007B4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
                                                                              • Part of subcall function 007B4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
                                                                              • Part of subcall function 007B4E59: FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87
                                                                            Similarity
                                                                            • API ID: Library$Load$AddressFreeProc
                                                                            • String ID:
                                                                            • API String ID: 2632591731-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: __wsopen_s
                                                                            • String ID:
                                                                            • API String ID: 3347428461-0
                                                                            APIs
                                                                              • Part of subcall function 007E4C7D: RtlAllocateHeap.NTDLL(00000008,007B1129,00000000,?,007E2E29,00000001,00000364,?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?), ref: 007E4CBE
                                                                            • _free.LIBCMT ref: 007E506C
                                                                            Similarity
                                                                            • API ID: AllocateHeap_free
                                                                            • String ID:
                                                                            • API String ID: 614378929-0
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000008,007B1129,00000000,?,007E2E29,00000001,00000364,?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?), ref: 007E4CBE
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4F6D
                                                                            Similarity
                                                                            • API ID: FreeLibrary
                                                                            • String ID:
                                                                            • API String ID: 3664257935-0
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 007B2DC4
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                            Similarity
                                                                            • API ID: LongNamePath_wcslen
                                                                            • String ID:
                                                                            • API String ID: 541455249-0
                                                                            APIs
                                                                              • Part of subcall function 007B3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B3908
                                                                              • Part of subcall function 007BD730: GetInputState.USER32 ref: 007BD807
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B2B6B
                                                                              • Part of subcall function 007B30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 007B314E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                            • String ID:
                                                                            • API String ID: 3667716007-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,007F0704,?,?,00000000,?,007F0704,00000000,0000000C), ref: 007F03B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 007B1CBC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            APIs
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0084961A
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0084965B
                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0084969F
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008496C9
                                                                            • SendMessageW.USER32 ref: 008496F2
                                                                            • GetKeyState.USER32(00000011), ref: 0084978B
                                                                            • GetKeyState.USER32(00000009), ref: 00849798
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 008497AE
                                                                            • GetKeyState.USER32(00000010), ref: 008497B8
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008497E9
                                                                            • SendMessageW.USER32 ref: 00849810
                                                                            • SendMessageW.USER32(?,00001030,?,00847E95), ref: 00849918
                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0084992E
                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00849941
                                                                            • SetCapture.USER32(?), ref: 0084994A
                                                                            • ClientToScreen.USER32(?,?), ref: 008499AF
                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 008499BC
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008499D6
                                                                            • ReleaseCapture.USER32 ref: 008499E1
                                                                            • GetCursorPos.USER32(?), ref: 00849A19
                                                                            • ScreenToClient.USER32(?,?), ref: 00849A26
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00849A80
                                                                            • SendMessageW.USER32 ref: 00849AAE
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00849AEB
                                                                            • SendMessageW.USER32 ref: 00849B1A
                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00849B3B
                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00849B4A
                                                                            • GetCursorPos.USER32(?), ref: 00849B68
                                                                            • ScreenToClient.USER32(?,?), ref: 00849B75
                                                                            • GetParent.USER32(?), ref: 00849B93
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00849BFA
                                                                            • SendMessageW.USER32 ref: 00849C2B
                                                                            • ClientToScreen.USER32(?,?), ref: 00849C84
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00849CB4
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00849CDE
                                                                            • SendMessageW.USER32 ref: 00849D01
                                                                            • ClientToScreen.USER32(?,?), ref: 00849D4E
                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00849D82
                                                                              • Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00849E05
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                            • String ID: @GUI_DRAGID$F
                                                                            • API String ID: 3429851547-4164748364
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 008448F3
                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00844908
                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00844927
                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0084494B
                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0084495C
                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0084497B
                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 008449AE
                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 008449D4
                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00844A0F
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A56
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00844A7E
                                                                            • IsMenu.USER32(?), ref: 00844A97
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844AF2
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00844B20
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00844B94
                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00844BE3
                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00844C82
                                                                            • wsprintfW.USER32 ref: 00844CAE
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844CC9
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00844CF1
                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00844D13
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00844D33
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00844D5A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                            • String ID: %d/%02d/%02d
                                                                            • API String ID: 4054740463-328681919
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 007CF998
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0080F474
                                                                            • IsIconic.USER32(00000000), ref: 0080F47D
                                                                            • ShowWindow.USER32(00000000,00000009), ref: 0080F48A
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0080F494
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4AA
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0080F4B1
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0080F4BD
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4CE
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0080F4D6
                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0080F4DE
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0080F4E1
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F4F6
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0080F501
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F50B
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0080F510
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F519
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0080F51E
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0080F528
                                                                            • keybd_event.USER32(00000012,00000000), ref: 0080F52D
                                                                            • SetForegroundWindow.USER32(00000000), ref: 0080F530
                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0080F557
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 4125248594-2988720461
                                                                            APIs
                                                                              • Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
                                                                              • Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
                                                                              • Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A
                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00811286
                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008112A8
                                                                            • CloseHandle.KERNEL32(?), ref: 008112B9
                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008112D1
                                                                            • GetProcessWindowStation.USER32 ref: 008112EA
                                                                            • SetProcessWindowStation.USER32(00000000), ref: 008112F4
                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00811310
                                                                              • Part of subcall function 008110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
                                                                              • Part of subcall function 008110BF: CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                            • String ID: $default$winsta0
                                                                            • API String ID: 22674027-1027155976
                                                                            • Opcode ID: c801a8b4b328a57a589f3a9a78510020c1a86f2eff867fc82439f94e02073dca
                                                                            • Instruction ID: c7241843eba24ea5ca14d90ddefd302ada9300f71624874dfec6e8beff8b884e
                                                                            • Opcode Fuzzy Hash: c801a8b4b328a57a589f3a9a78510020c1a86f2eff867fc82439f94e02073dca
                                                                            • Instruction Fuzzy Hash: 9F818D71900209ABDF109FA8DC4DBEE7BBEFF05B04F144129FA10E62A0D7758984CB25
                                                                            APIs
                                                                              • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
                                                                              • Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
                                                                              • Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
                                                                              • Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
                                                                              • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810BCC
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810C00
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00810C17
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00810C51
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810C6D
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00810C84
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810C8C
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00810C93
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810CB4
                                                                            • CopySid.ADVAPI32(00000000), ref: 00810CBB
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810CEA
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810D0C
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810D1E
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D45
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810D4C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D55
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810D5C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810D65
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810D6C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00810D78
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810D7F
                                                                              • Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
                                                                              • Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
                                                                              • Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            • Opcode ID: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
                                                                            • Instruction ID: 8b09cbb75c6769ae384a2d5dc96db1eb726c9f5735e92be48380aaf8011057e9
                                                                            • Opcode Fuzzy Hash: d1799a26887fade3429e3cdb037bee204b548328eb4c2cd62acf4434b849098c
                                                                            • Instruction Fuzzy Hash: A4715CB690120AABDF10DFA4EC48BEEBBBCFF05300F144615E915E6191D7B5A985CFA0
                                                                            APIs
                                                                            • OpenClipboard.USER32(0084CC08), ref: 0082EB29
                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 0082EB37
                                                                            • GetClipboardData.USER32(0000000D), ref: 0082EB43
                                                                            • CloseClipboard.USER32 ref: 0082EB4F
                                                                            • GlobalLock.KERNEL32(00000000), ref: 0082EB87
                                                                            • CloseClipboard.USER32 ref: 0082EB91
                                                                            • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0082EBBC
                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 0082EBC9
                                                                            • GetClipboardData.USER32(00000001), ref: 0082EBD1
                                                                            • GlobalLock.KERNEL32(00000000), ref: 0082EBE2
                                                                            • GlobalUnlock.KERNEL32(00000000,?), ref: 0082EC22
                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 0082EC38
                                                                            • GetClipboardData.USER32(0000000F), ref: 0082EC44
                                                                            • GlobalLock.KERNEL32(00000000), ref: 0082EC55
                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0082EC77
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082EC94
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0082ECD2
                                                                            • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0082ECF3
                                                                            • CountClipboardFormats.USER32 ref: 0082ED14
                                                                            • CloseClipboard.USER32 ref: 0082ED59
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                            • String ID:
                                                                            • API String ID: 420908878-0
                                                                            • Opcode ID: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
                                                                            • Instruction ID: 70d26ad48a605bd91c8d96eeaf04639676e02377722b521ce965b4de1a8722eb
                                                                            • Opcode Fuzzy Hash: 1d98e9f0f2eff1943ea2fc5d60627db7539f5ec9868f9768dbc750fd3e35d347
                                                                            • Instruction Fuzzy Hash: 3C61EE38204301AFD300EF24E888F6ABBA8FF85714F14441DF956D72A2CB75E985CB66
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 008269BE
                                                                            • FindClose.KERNEL32(00000000), ref: 00826A12
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A4E
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00826A75
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00826AB2
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00826ADF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                            • API String ID: 3830820486-3289030164
                                                                            • Opcode ID: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
                                                                            • Instruction ID: ed90acc4aeb2a21a10b72b3fc399f026b19da73d77c2113dcdb23d7b4317ce26
                                                                            • Opcode Fuzzy Hash: daa5dd59ef565ac3564eae9c7c897fad44d51b0add3f2f8fc8d83dd560099b59
                                                                            • Instruction Fuzzy Hash: FCD15172508350EFC314EBA4D885EABB7ECBF88704F04491DF699D6191EB78DA44CB62
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00829663
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 008296A1
                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 008296BB
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 008296D3
                                                                            • FindClose.KERNEL32(00000000), ref: 008296DE
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 008296FA
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0082974A
                                                                            • SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 00829768
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00829772
                                                                            • FindClose.KERNEL32(00000000), ref: 0082977F
                                                                            • FindClose.KERNEL32(00000000), ref: 0082978F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                            • String ID: *.*
                                                                            • API String ID: 1409584000-438819550
                                                                            • Opcode ID: dd0f80fcafb6b06a82d5abcade86095e01ae9253bfbadce2d238f0f4904a830e
                                                                            • Instruction ID: a4eabb6f3b957525a1e0d0f1fca76b82c4190295822f59410e6870ee7d641fc0
                                                                            • Opcode Fuzzy Hash: dd0f80fcafb6b06a82d5abcade86095e01ae9253bfbadce2d238f0f4904a830e
                                                                            • Instruction Fuzzy Hash: 4A31D3365016296FDB10AFB4EC48ADE77BCFF0A320F144156F955E2190EB74DD84CA14
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 008297BE
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00829819
                                                                            • FindClose.KERNEL32(00000000), ref: 00829824
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00829840
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00829890
                                                                            • SetCurrentDirectoryW.KERNEL32(00876B7C), ref: 008298AE
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 008298B8
                                                                            • FindClose.KERNEL32(00000000), ref: 008298C5
                                                                            • FindClose.KERNEL32(00000000), ref: 008298D5
                                                                              • Part of subcall function 0081DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0081DB00
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                            • String ID: *.*
                                                                            • API String ID: 2640511053-438819550
                                                                            • Opcode ID: a748d0f29ed6b0314ecff41715ab36c61ab2c75d1eaf524cbb939a85339f79de
                                                                            • Instruction ID: 7e0e3106991e1674fe1058e4c1251df1acec521ed94aa7b3b2f577fc8bdef7eb
                                                                            • Opcode Fuzzy Hash: a748d0f29ed6b0314ecff41715ab36c61ab2c75d1eaf524cbb939a85339f79de
                                                                            • Instruction Fuzzy Hash: B531C3315016296FDB14EFB4EC48ADE77BCFF06330F184166E994E2290EB75D984CA24
                                                                            APIs
                                                                              • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BF3E
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0083BFA9
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0083BFCD
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0083C02C
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0083C0E7
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C154
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C1E9
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0083C23A
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0083C2E3
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083C382
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0083C38F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 3102970594-0
                                                                            • Opcode ID: 7d057924f4e77c972c78a88643201eb1dc8f7aa9f8623130f98910d5efd8cfad
                                                                            • Instruction ID: 5e2dfdf008dbd6dfe70dcdf02a6c6d47944671222260474cea57d0a48a30e435
                                                                            • Opcode Fuzzy Hash: 7d057924f4e77c972c78a88643201eb1dc8f7aa9f8623130f98910d5efd8cfad
                                                                            • Instruction Fuzzy Hash: A8020B716042009FD714DF28C895E2ABBE5FF89318F18849DF84ADB2A2DB35ED45CB91
                                                                            APIs
                                                                            • GetLocalTime.KERNEL32(?), ref: 00828257
                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00828267
                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00828273
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00828310
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00828324
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00828356
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0082838C
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00828395
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                            • String ID: *.*
                                                                            • API String ID: 1464919966-438819550
                                                                            APIs
                                                                              • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                              • Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0081D122
                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0081D1DD
                                                                            • MoveFileW.KERNEL32(?,?), ref: 0081D1F0
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D20D
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D237
                                                                              • Part of subcall function 0081D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0081D21C,?,?), ref: 0081D2B2
                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0081D253
                                                                            • FindClose.KERNEL32(00000000), ref: 0081D264
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 1946585618-1173974218
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                            • String ID:
                                                                            • API String ID: 1737998785-0
                                                                            APIs
                                                                              • Part of subcall function 008116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
                                                                              • Part of subcall function 008116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
                                                                              • Part of subcall function 008116C3: GetLastError.KERNEL32 ref: 0081174A
                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 0081E932
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                            • API String ID: 2234035333-3163812486
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00831276
                                                                            • WSAGetLastError.WSOCK32 ref: 00831283
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 008312BA
                                                                            • WSAGetLastError.WSOCK32 ref: 008312C5
                                                                            • closesocket.WSOCK32(00000000), ref: 008312F4
                                                                            • listen.WSOCK32(00000000,00000005), ref: 00831303
                                                                            • WSAGetLastError.WSOCK32 ref: 0083130D
                                                                            • closesocket.WSOCK32(00000000), ref: 0083133C
                                                                            Similarity
                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                            • String ID:
                                                                            • API String ID: 540024437-0
                                                                            APIs
                                                                              • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                              • Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0081D420
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0081D470
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0081D481
                                                                            • FindClose.KERNEL32(00000000), ref: 0081D498
                                                                            • FindClose.KERNEL32(00000000), ref: 0081D4A1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 2649000838-1173974218
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __floor_pentium4
                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                            • API String ID: 4168288129-2761157908
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 008264DC
                                                                            • CoInitialize.OLE32(00000000), ref: 00826639
                                                                            • CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 00826650
                                                                            • CoUninitialize.OLE32 ref: 008268D4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 886957087-24824748
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 008322E8
                                                                              • Part of subcall function 0082E4EC: GetWindowRect.USER32(?,?), ref: 0082E504
                                                                            • GetDesktopWindow.USER32 ref: 00832312
                                                                            • GetWindowRect.USER32(00000000), ref: 00832319
                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00832355
                                                                            • GetCursorPos.USER32(?), ref: 00832381
                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008323DF
                                                                            Similarity
                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                            • String ID:
                                                                            • API String ID: 2387181109-0
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00829B78
                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00829C8B
                                                                              • Part of subcall function 00823874: GetInputState.USER32 ref: 008238CB
                                                                              • Part of subcall function 00823874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966
                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00829BA8
                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00829C75
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                            • String ID: *.*
                                                                            • API String ID: 1972594611-438819550
                                                                            • Opcode ID: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
                                                                            • Instruction ID: 4a4664865148f167111ad4607857d5179e4b70d8b033192ae8a2877702140989
                                                                            • Opcode Fuzzy Hash: 8d6dd3521b0e469653de16e939843667445395c3c7d063fb045469a66e6013e0
                                                                            • Instruction Fuzzy Hash: 3F418E7190021AAFDF55DF64D889AEEBBB8FF05310F24405AE855E2291EB349E84CF60
                                                                            APIs
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 007C9A4E
                                                                            • GetSysColor.USER32(0000000F), ref: 007C9B23
                                                                            • SetBkColor.GDI32(?,00000000), ref: 007C9B36
                                                                            Similarity
                                                                            • API ID: Color$LongProcWindow
                                                                            • String ID:
                                                                            • API String ID: 3131106179-0
                                                                            • Opcode ID: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
                                                                            • Instruction ID: 250f5027b649dc180fd2d61af20620e28a309c606707483054bb19aef8032d35
                                                                            • Opcode Fuzzy Hash: 25d334b42d0d155e1977b6d2f3a241c4b62233b5837774586cd6a0791387cd1b
                                                                            • Instruction Fuzzy Hash: 27A127B1609444BEE7B5AA2C8C4DF7F2B9DFB42340B15811DF212D66D1CA29AD01D376
                                                                            APIs
                                                                              • Part of subcall function 0083304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
                                                                              • Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B
                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0083185D
                                                                            • WSAGetLastError.WSOCK32 ref: 00831884
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 008318DB
                                                                            • WSAGetLastError.WSOCK32 ref: 008318E6
                                                                            • closesocket.WSOCK32(00000000), ref: 00831915
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 1601658205-0
                                                                            • Opcode ID: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
                                                                            • Instruction ID: 908772a10ccc822ab6519cbdc44b03cba4dc68ec11ef0de54987b4f9a4fd0b4f
                                                                            • Opcode Fuzzy Hash: d643066a3f3dfbbcfcfef5ab8d7823a607e92763bd3d5455d51584a6bad5b97c
                                                                            • Instruction Fuzzy Hash: BC519175A00200AFDB10AF24C88AF6A77E5EB85718F08849CF9069F393C775AD41CBE1
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                            • String ID:
                                                                            • API String ID: 292994002-0
                                                                            • Opcode ID: eaa3a7f3fcdbe3e69c1735bdcd48ac49dffe81db14292d2135ea042a598253d6
                                                                            • Instruction ID: b6cf2a1207dfd86d62ba0327f0e5ecbda89ab54a4ea887ae4226030dd16777e2
                                                                            • Opcode Fuzzy Hash: eaa3a7f3fcdbe3e69c1735bdcd48ac49dffe81db14292d2135ea042a598253d6
                                                                            • Instruction Fuzzy Hash: 5C21D3317412159FDB208F1ADC88B6A7BE9FF95315B198058E84ACB351C775DC82CB90
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                            • API String ID: 0-1546025612
                                                                            • Opcode ID: 4e26d3e98fa97253bf5ee3e623b83e6f72ca883769504f5c79c6217fe26746d2
                                                                            • Instruction ID: a935b0329c206711c9a0025703c797e44efb9536168389ab3c51ab5513a98be9
                                                                            • Opcode Fuzzy Hash: 4e26d3e98fa97253bf5ee3e623b83e6f72ca883769504f5c79c6217fe26746d2
                                                                            • Instruction Fuzzy Hash: 8CA24A70A0021ECBDF64CF58C8407FDB7B5BB54314F2481AAEA15AB385EB789D81DB91
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0081AAAC
                                                                            • SetKeyboardState.USER32(00000080), ref: 0081AAC8
                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0081AB36
                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0081AB88
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            • Opcode ID: 595f3f1a9d7b8a444da205aa039bcf3af491694b3e74a3d8ac1a3cd6b893f401
                                                                            • Instruction ID: c888791674a9e236ec8f1967d991f9ed7eb46355b3642917957b297c6a71b242
                                                                            • Opcode Fuzzy Hash: 595f3f1a9d7b8a444da205aa039bcf3af491694b3e74a3d8ac1a3cd6b893f401
                                                                            • Instruction Fuzzy Hash: 66312570A46288AEEB38CA68CC05BFA7BAEFF55330F04421AF081D21D1D37589C1C762
                                                                            APIs
                                                                            • _free.LIBCMT ref: 007EBB7F
                                                                              • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                              • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                            • GetTimeZoneInformation.KERNEL32 ref: 007EBB91
                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC09
                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,00881270,000000FF,?,0000003F,?,?,?,0088121C,000000FF,?,0000003F,?,?), ref: 007EBC36
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                            • String ID:
                                                                            • API String ID: 806657224-0
                                                                            • Opcode ID: c6865c5d94ada38534294776684d01a3b469161e2e2a9aff7a3b85d23a3539b8
                                                                            • Instruction ID: 5fe1aabd7d025a8043cc766793f5e1ddcd020e1f17c44333d3771d6bf617c662
                                                                            • Opcode Fuzzy Hash: c6865c5d94ada38534294776684d01a3b469161e2e2a9aff7a3b85d23a3539b8
                                                                            • Instruction Fuzzy Hash: 2031B270909285DFCB11DF6ADC8586ABFBCFF49750B24426AE060D72B1DB349D02CB60
                                                                            APIs
                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0082CE89
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0082CEEA
                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0082CEFE
                                                                            Similarity
                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                            • String ID:
                                                                            • API String ID: 234945975-0
                                                                            • Opcode ID: 178b6b28b62f1882852aed5dcf1e4e69b92e8834a4f05b4c9d982a0236625ccb
                                                                            • Instruction ID: 6f6587535dbbc486be53583dfd6afe318078846b70efbf08eff17e4576e6b68f
                                                                            • Opcode Fuzzy Hash: 178b6b28b62f1882852aed5dcf1e4e69b92e8834a4f05b4c9d982a0236625ccb
                                                                            • Instruction Fuzzy Hash: 9221BDB5500715EBDB20DFA5E948BAABBFCFB10358F10441EE546D2251EBB4EE84CB60
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 008182AA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: lstrlen
                                                                            • String ID: ($|
                                                                            • API String ID: 1659193697-1631851259
                                                                            • Opcode ID: d6ae90395ee45484e27afbd9b5a1d75dd5731fabd0038ce3bcbf77aa9f396867
                                                                            • Instruction ID: 5eaab2fcd789cc79e39935a399d08f09eba5375629fe6b5693ed5cfe750dcbfb
                                                                            • Opcode Fuzzy Hash: d6ae90395ee45484e27afbd9b5a1d75dd5731fabd0038ce3bcbf77aa9f396867
                                                                            • Instruction Fuzzy Hash: F2323674A00605DFC728CF59C481AAAB7F4FF48710B15C56EE59ADB3A1EB70E981CB40
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00825CC1
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00825D17
                                                                            • FindClose.KERNEL32(?), ref: 00825D5F
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstNext
                                                                            • String ID:
                                                                            • API String ID: 3541575487-0
                                                                            • Opcode ID: 5feb721cd0d2887cc0e539f5560e984ec56bd50ed11870745d78fa531f533505
                                                                            • Instruction ID: 6df17040c9e66a1c8680cb9c55f272c90e0555d0cbd79a566c0745b7dcbe5cce
                                                                            • Opcode Fuzzy Hash: 5feb721cd0d2887cc0e539f5560e984ec56bd50ed11870745d78fa531f533505
                                                                            • Instruction Fuzzy Hash: B751A835600A019FC314CF28D498A9AB7E4FF09324F14856EE95ACB3A2DB30ED44CB91
                                                                            APIs
                                                                            • IsDebuggerPresent.KERNEL32 ref: 007E271A
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007E2724
                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 007E2731
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                            • String ID:
                                                                            • API String ID: 3906539128-0
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 008251DA
                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00825238
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 008252A1
                                                                            Similarity
                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                            • String ID:
                                                                            • API String ID: 1682464887-0
                                                                            APIs
                                                                              • Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0668
                                                                              • Part of subcall function 007CFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 007D0685
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081170D
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0081173A
                                                                            • GetLastError.KERNEL32 ref: 0081174A
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                            • String ID:
                                                                            • API String ID: 577356006-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D608
                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0081D645
                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0081D650
                                                                            Similarity
                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                            • String ID:
                                                                            • API String ID: 33631002-0
                                                                            APIs
                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0081168C
                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008116A1
                                                                            • FreeSid.ADVAPI32(?), ref: 008116B1
                                                                            Similarity
                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                            • String ID:
                                                                            • API String ID: 3429775523-0
                                                                            APIs
                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0080D28C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID: X64
                                                                            • API String ID: 2645101109-893830106
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00826918
                                                                            • FindClose.KERNEL32(00000000), ref: 00826961
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID:
                                                                            • API String ID: 2295610775-0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237E4
                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00834891,?,?,00000035,?), ref: 008237F4
                                                                            Similarity
                                                                            • API ID: ErrorFormatLastMessage
                                                                            • String ID:
                                                                            • API String ID: 3479602957-0
                                                                            APIs
                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0081B25D
                                                                            • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0081B270
                                                                            Similarity
                                                                            • API ID: InputSendkeybd_event
                                                                            • String ID:
                                                                            • API String ID: 3536248340-0
                                                                            APIs
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008111FC), ref: 008110D4
                                                                            • CloseHandle.KERNEL32(?,?,008111FC), ref: 008110E9
                                                                            Similarity
                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 81990902-0
                                                                            Strings
                                                                            • Variable is not of type 'Object'., xrefs: 00800C40
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Variable is not of type 'Object'.
                                                                            • API String ID: 0-1840281001
                                                                            • Opcode ID: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
                                                                            • Instruction ID: 24e2820227c6b8a1d3c4fdf88ff481ce9e6762616b0c1629da2b38e240bfb3cc
                                                                            • Opcode Fuzzy Hash: 0737545edb8471297625bae86863010f95fe8268c84d6ab0aac056d78fd80f44
                                                                            • Instruction Fuzzy Hash: 3C329C74A00218DFDF15DF94C895BEDBBB5FF05304F248069E806AB292DB79AE45CB60
                                                                            APIs
                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007E6766,?,?,00000008,?,?,007EFEFE,00000000), ref: 007E6998
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionRaise
                                                                            • String ID:
                                                                            • API String ID: 3997070919-0
                                                                            • Opcode ID: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
                                                                            • Instruction ID: 3afdcb59fc3100b23658443fa656ca690f740d629dd42764941fd857d91f3ac1
                                                                            • Opcode Fuzzy Hash: 5ca036b4220c24f7424240c83599b118ca6fc22fbe4620ebff5dfae822c63a24
                                                                            • Instruction Fuzzy Hash: B5B169716116488FD719CF29C48AB647BE0FF193A4F25C65CE899CF2A2C339E981CB40
                                                                            APIs
                                                                            • BlockInput.USER32(00000001), ref: 0082EABD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BlockInput
                                                                            • String ID:
                                                                            • API String ID: 3456056419-0
                                                                            • Opcode ID: aa56408e5682c4cb4dbeaf8db820746673cd235f66a32d49cedb923d0559c82f
                                                                            • Instruction ID: 1dda23cd55a898d8b9141e4f57ee34f6e77e6bc6c0041d0528a3ea8aa1b0bc32
                                                                            • Opcode Fuzzy Hash: aa56408e5682c4cb4dbeaf8db820746673cd235f66a32d49cedb923d0559c82f
                                                                            • Instruction Fuzzy Hash: 2EE012752002149FC710DF59D404E9AB7EDFF69760F00841AFC4AC7251D674A8408B91
                                                                            APIs
                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,007D03EE), ref: 007D09DA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled
                                                                            • String ID:
                                                                            • API String ID: 3192549508-0
                                                                            • Opcode ID: eddd58dab075fd5e131effaa5bc80b888fcc747710d51c99b6f562efa945445e
                                                                            • Instruction ID: 0ed1eb06eb66f68bd871d8577a5c3774b430488172c0f00202e36d148d87abaf
                                                                            • Opcode Fuzzy Hash: eddd58dab075fd5e131effaa5bc80b888fcc747710d51c99b6f562efa945445e
                                                                            • Instruction Fuzzy Hash:
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0
                                                                            • API String ID: 0-4108050209
                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                            • Instruction ID: 524fc1e03a5d6f68f95409f4f15ad6012ac6d82fca642812d005cce6c09e7a18
                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                            • Instruction Fuzzy Hash: E451677260C7459BDB3C856888AE7BE67B99B52300F18050BD886DB382F61DEE41E356
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f7254075197c6e3f3e73751c42fe2aa758b471049a743cdbfcae28d361e71a25
                                                                            • Instruction ID: 62142cea7ef744e1fbfd2ac3c34bec2f5e6f6d0a64d72cc962736b87afec309a
                                                                            • Opcode Fuzzy Hash: f7254075197c6e3f3e73751c42fe2aa758b471049a743cdbfcae28d361e71a25
                                                                            • Instruction Fuzzy Hash: 44614BB120874996DA3C5A2C8D96BBE23B8DF81700F14491FE846DB381F61DDE42C366
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dce13b0d871eef399c94097beece11b31ebd49e1a40d3b04c283d1cab66b3997
                                                                            • Instruction ID: 7b32e13d9d46272207342d8e12e924cb833b0b7b50492969595cfd25d5115b8d
                                                                            • Opcode Fuzzy Hash: dce13b0d871eef399c94097beece11b31ebd49e1a40d3b04c283d1cab66b3997
                                                                            • Instruction Fuzzy Hash: 39616A7170870996DE3C4A288896BBF63B6DF42704F14095BE983DB381FA1EED42C256
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction ID: 893de2ce9f4573d324b55c64d80b79c86ea1fd9f15ab7398311d744167746b4a
                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction Fuzzy Hash: F78163726090E319EB6D827A853443EFFF15A923B135A079FD4F2CA2D1EE289554E620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 06113e9d275bb668a73157ddaa1f1c24ed544c7273796778d8a9c7839bba3a06
                                                                            • Instruction ID: 3f57fcf30c17d3eedcbaa1ce4a44b30b1f8cd67a3bdae20d0beae84e3e6f6985
                                                                            • Opcode Fuzzy Hash: 06113e9d275bb668a73157ddaa1f1c24ed544c7273796778d8a9c7839bba3a06
                                                                            • Instruction Fuzzy Hash: D621A8326206218BD728CE79C81267A73E5FB64310F15862EE4A7C77D0DE35A944CB40
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 00832B30
                                                                            • DeleteObject.GDI32(00000000), ref: 00832B43
                                                                            • DestroyWindow.USER32 ref: 00832B52
                                                                            • GetDesktopWindow.USER32 ref: 00832B6D
                                                                            • GetWindowRect.USER32(00000000), ref: 00832B74
                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00832CA3
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00832CB1
                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832CF8
                                                                            • GetClientRect.USER32(00000000,?), ref: 00832D04
                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00832D40
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D62
                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D75
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D80
                                                                            • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D89
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832D98
                                                                            • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DA1
                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DA8
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00832DB3
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832DC5
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,0084FC38,00000000), ref: 00832DDB
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00832DEB
                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00832E11
                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00832E30
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00832E52
                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0083303F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                            • API String ID: 2211948467-2373415609
                                                                            • Opcode ID: 2a1f81974851d170d5cb5ae9df6e1c74a47469bf538cd2e2d4c790d7e437515e
                                                                            • Instruction ID: de225b8e1bb19c54a2fe0a37a6454395ce4765346d593baaa9a1e32bbebf032e
                                                                            • Opcode Fuzzy Hash: 2a1f81974851d170d5cb5ae9df6e1c74a47469bf538cd2e2d4c790d7e437515e
                                                                            • Instruction Fuzzy Hash: 64024975500218EFDB24DF68CC89EAE7BB9FF49710F048558F915EB2A1DB74A901CBA0
                                                                            APIs
                                                                            • SetTextColor.GDI32(?,00000000), ref: 0084712F
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00847160
                                                                            • GetSysColor.USER32(0000000F), ref: 0084716C
                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00847186
                                                                            • SelectObject.GDI32(?,?), ref: 00847195
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 008471C0
                                                                            • GetSysColor.USER32(00000010), ref: 008471C8
                                                                            • CreateSolidBrush.GDI32(00000000), ref: 008471CF
                                                                            • FrameRect.USER32(?,?,00000000), ref: 008471DE
                                                                            • DeleteObject.GDI32(00000000), ref: 008471E5
                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00847230
                                                                            • FillRect.USER32(?,?,?), ref: 00847262
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00847284
                                                                              • Part of subcall function 008473E8: GetSysColor.USER32(00000012), ref: 00847421
                                                                              • Part of subcall function 008473E8: SetTextColor.GDI32(?,?), ref: 00847425
                                                                              • Part of subcall function 008473E8: GetSysColorBrush.USER32(0000000F), ref: 0084743B
                                                                              • Part of subcall function 008473E8: GetSysColor.USER32(0000000F), ref: 00847446
                                                                              • Part of subcall function 008473E8: GetSysColor.USER32(00000011), ref: 00847463
                                                                              • Part of subcall function 008473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
                                                                              • Part of subcall function 008473E8: SelectObject.GDI32(?,00000000), ref: 00847482
                                                                              • Part of subcall function 008473E8: SetBkColor.GDI32(?,00000000), ref: 0084748B
                                                                              • Part of subcall function 008473E8: SelectObject.GDI32(?,?), ref: 00847498
                                                                              • Part of subcall function 008473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
                                                                              • Part of subcall function 008473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
                                                                              • Part of subcall function 008473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                            • String ID:
                                                                            • API String ID: 4124339563-0
                                                                            • Opcode ID: 10ee9c17faaabc063ab7e1356e31aab080272d9ebd1674a953e482da728a5e3d
                                                                            • Instruction ID: 765c7c820242e0881352ec17fa747d780afdc7684f34830b6d3cf1ea659bc5ac
                                                                            • Opcode Fuzzy Hash: 10ee9c17faaabc063ab7e1356e31aab080272d9ebd1674a953e482da728a5e3d
                                                                            • Instruction Fuzzy Hash: 23A1AF76009315AFDB509F64DC48E6BBBA9FF8A320F100A19F962E61E1D770E944CB91
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?), ref: 007C8E14
                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00806AC5
                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00806AFE
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00806F43
                                                                              • Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5
                                                                            • SendMessageW.USER32(?,00001053), ref: 00806F7F
                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00806F96
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FAC
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00806FB7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                            • String ID: 0
                                                                            • API String ID: 2760611726-4108050209
                                                                            • Opcode ID: d719e92253906da0e560665713dace305ba87b8fcdd02875513b461ea5d46841
                                                                            • Instruction ID: 7f3433964298a26378854a6256eb689d9390172b6443fa529c02fe2b8930344c
                                                                            • Opcode Fuzzy Hash: d719e92253906da0e560665713dace305ba87b8fcdd02875513b461ea5d46841
                                                                            • Instruction Fuzzy Hash: 9912AC34201211DFDBA5CF28CC58BA9BBE5FF45310F54446DE495CB2A2DB35E862CB92
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000), ref: 0083273E
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0083286A
                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008328A9
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008328B9
                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00832900
                                                                            • GetClientRect.USER32(00000000,?), ref: 0083290C
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00832955
                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00832964
                                                                            • GetStockObject.GDI32(00000011), ref: 00832974
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00832978
                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00832988
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00832991
                                                                            • DeleteDC.GDI32(00000000), ref: 0083299A
                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008329C6
                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 008329DD
                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00832A1D
                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00832A31
                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00832A42
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00832A77
                                                                            • GetStockObject.GDI32(00000011), ref: 00832A82
                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00832A8D
                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00832A97
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                            • API String ID: 2910397461-517079104
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00824AED
                                                                            • GetDriveTypeW.KERNEL32(?,0084CB68,?,\\.\,0084CC08), ref: 00824BCA
                                                                            • SetErrorMode.KERNEL32(00000000,0084CB68,?,\\.\,0084CC08), ref: 00824D36
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode$DriveType
                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                            • API String ID: 2907320926-4222207086
                                                                            APIs
                                                                            • GetSysColor.USER32(00000012), ref: 00847421
                                                                            • SetTextColor.GDI32(?,?), ref: 00847425
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0084743B
                                                                            • GetSysColor.USER32(0000000F), ref: 00847446
                                                                            • CreateSolidBrush.GDI32(?), ref: 0084744B
                                                                            • GetSysColor.USER32(00000011), ref: 00847463
                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00847471
                                                                            • SelectObject.GDI32(?,00000000), ref: 00847482
                                                                            • SetBkColor.GDI32(?,00000000), ref: 0084748B
                                                                            • SelectObject.GDI32(?,?), ref: 00847498
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 008474B7
                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 008474CE
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 008474DB
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0084752A
                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00847554
                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 00847572
                                                                            • DrawFocusRect.USER32(?,?), ref: 0084757D
                                                                            • GetSysColor.USER32(00000011), ref: 0084758E
                                                                            • SetTextColor.GDI32(?,00000000), ref: 00847596
                                                                            • DrawTextW.USER32(?,008470F5,000000FF,?,00000000), ref: 008475A8
                                                                            • SelectObject.GDI32(?,?), ref: 008475BF
                                                                            • DeleteObject.GDI32(?), ref: 008475CA
                                                                            • SelectObject.GDI32(?,?), ref: 008475D0
                                                                            • DeleteObject.GDI32(?), ref: 008475D5
                                                                            • SetTextColor.GDI32(?,?), ref: 008475DB
                                                                            • SetBkColor.GDI32(?,?), ref: 008475E5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                            • String ID:
                                                                            • API String ID: 1996641542-0
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 00841128
                                                                            • GetDesktopWindow.USER32 ref: 0084113D
                                                                            • GetWindowRect.USER32(00000000), ref: 00841144
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00841199
                                                                            • DestroyWindow.USER32(?), ref: 008411B9
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 008411ED
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0084120B
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0084121D
                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00841232
                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00841245
                                                                            • IsWindowVisible.USER32(00000000), ref: 008412A1
                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 008412BC
                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 008412D0
                                                                            • GetWindowRect.USER32(00000000,?), ref: 008412E8
                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 0084130E
                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00841328
                                                                            • CopyRect.USER32(?,?), ref: 0084133F
                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 008413AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                            • String ID: ($0$tooltips_class32
                                                                            • API String ID: 698492251-4156429822
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C8968
                                                                            • GetSystemMetrics.USER32(00000007), ref: 007C8970
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C899B
                                                                            • GetSystemMetrics.USER32(00000008), ref: 007C89A3
                                                                            • GetSystemMetrics.USER32(00000004), ref: 007C89C8
                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007C89E5
                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007C89F5
                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007C8A28
                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007C8A3C
                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 007C8A5A
                                                                            • GetStockObject.GDI32(00000011), ref: 007C8A76
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 007C8A81
                                                                              • Part of subcall function 007C912D: GetCursorPos.USER32(?), ref: 007C9141
                                                                              • Part of subcall function 007C912D: ScreenToClient.USER32(00000000,?), ref: 007C915E
                                                                              • Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000001), ref: 007C9183
                                                                              • Part of subcall function 007C912D: GetAsyncKeyState.USER32(00000002), ref: 007C919D
                                                                            • SetTimer.USER32(00000000,00000000,00000028,007C90FC), ref: 007C8AA8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                            • String ID: AutoIt v3 GUI
                                                                            • API String ID: 1458621304-248962490
                                                                            APIs
                                                                              • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
                                                                              • Part of subcall function 008110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
                                                                              • Part of subcall function 008110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
                                                                              • Part of subcall function 008110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
                                                                              • Part of subcall function 008110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00810DF5
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00810E29
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00810E40
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00810E7A
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00810E96
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00810EAD
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00810EB5
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00810EBC
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00810EDD
                                                                            • CopySid.ADVAPI32(00000000), ref: 00810EE4
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00810F13
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00810F35
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00810F47
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F6E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810F75
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F7E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810F85
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00810F8E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810F95
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00810FA1
                                                                            • HeapFree.KERNEL32(00000000), ref: 00810FA8
                                                                              • Part of subcall function 00811193: GetProcessHeap.KERNEL32(00000008,00810BB1,?,00000000,?,00810BB1,?), ref: 008111A1
                                                                              • Part of subcall function 00811193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00810BB1,?), ref: 008111A8
                                                                              • Part of subcall function 00811193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00810BB1,?), ref: 008111B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            APIs
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083C4BD
                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,0084CC08,00000000,?,00000000,?,?), ref: 0083C544
                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0083C5A4
                                                                            • _wcslen.LIBCMT ref: 0083C5F4
                                                                            • _wcslen.LIBCMT ref: 0083C66F
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0083C6B2
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0083C7C1
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0083C84D
                                                                            • RegCloseKey.ADVAPI32(?), ref: 0083C881
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0083C88E
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0083C960
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                            • API String ID: 9721498-966354055
                                                                            • Opcode ID: 9189e7f91001ef01aaaef177b6a18dd99e9e437b94bc11346e59622040e2aaaf
                                                                            • Instruction ID: 19cc5cd4c630f8493a62c4cc936dd02d9bf427eabe57c65402344910b4ec52a5
                                                                            • Opcode Fuzzy Hash: 9189e7f91001ef01aaaef177b6a18dd99e9e437b94bc11346e59622040e2aaaf
                                                                            • Instruction Fuzzy Hash: 5B123435604201DFCB14DF14C885B6AB7E5FF88714F14889DF89AAB2A2DB35ED41CB91
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 008409C6
                                                                            • _wcslen.LIBCMT ref: 00840A01
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00840A54
                                                                            • _wcslen.LIBCMT ref: 00840A8A
                                                                            • _wcslen.LIBCMT ref: 00840B06
                                                                            • _wcslen.LIBCMT ref: 00840B81
                                                                              • Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD
                                                                              • Part of subcall function 00812BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00812BFA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                            • API String ID: 1103490817-4258414348
                                                                            • Opcode ID: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
                                                                            • Instruction ID: 55e4d8eb6a3f4d9bfca4a3d644c7bafdb43ed57f86d5de9b5f2341458b66eb6f
                                                                            • Opcode Fuzzy Hash: 11f5358184063a390b88f9988477ef12a53897d931eaff3219dbe8da420ec9e1
                                                                            • Instruction Fuzzy Hash: 10E17831608305DFC714DF24C491A6AB7E2FF98318B14895DF99A9B3A2D734ED49CB82
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                            • API String ID: 1256254125-909552448
                                                                            • Opcode ID: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
                                                                            • Instruction ID: 9ca86d202b339990f141ed305aa969b5fbfacdef98adffa7c22e863867014045
                                                                            • Opcode Fuzzy Hash: 92ce81ddef22ef537d01200543781dbcbe4baa0aa70c0791b8ac7876f10f9fe2
                                                                            • Instruction Fuzzy Hash: 7271D37260012A8BCB20DE7CCD516BA73A5FBE0764F254529F866F7284EA35DD45C3E0
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 0084835A
                                                                            • _wcslen.LIBCMT ref: 0084836E
                                                                            • _wcslen.LIBCMT ref: 00848391
                                                                            • _wcslen.LIBCMT ref: 008483B4
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 008483F2
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0084361A,?), ref: 0084844E
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848487
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 008484CA
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00848501
                                                                            • FreeLibrary.KERNEL32(?), ref: 0084850D
                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0084851D
                                                                            • DestroyIcon.USER32(?), ref: 0084852C
                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00848549
                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00848555
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                            • String ID: .dll$.exe$.icl
                                                                            • API String ID: 799131459-1154884017
                                                                            • Opcode ID: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
                                                                            • Instruction ID: 0755e91b7ab20ab911b55309e3dc2967c8d10a9aec67aeb3ad187cb982899be9
                                                                            • Opcode Fuzzy Hash: 15f317537bd7df392fba25ab743e63f6cfd9526fcd82a442900d44ee0b921287
                                                                            • Instruction Fuzzy Hash: B961AF71900219FBEB14DF64CC85BBE77ACFB04B11F10454AF915E61D1DB74AA90CBA0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                            • API String ID: 0-1645009161
                                                                            • Opcode ID: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
                                                                            • Instruction ID: e9ae8844307ff727b0ea56be9e59a88c66f851b101d7ba9b43d039a3d3b105c7
                                                                            • Opcode Fuzzy Hash: 64599cebc13cd0d12b7f1bf469ecb68ccc8f82fb96059e56254695749a34808e
                                                                            • Instruction Fuzzy Hash: BB81C371A04609FBDB24AF60CC46FFE37A9FF55300F044025FA15AA296EB7CD911D6A1
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(?,?), ref: 00823EF8
                                                                            • _wcslen.LIBCMT ref: 00823F03
                                                                            • _wcslen.LIBCMT ref: 00823F5A
                                                                            • _wcslen.LIBCMT ref: 00823F98
                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00823FD6
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0082401E
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824059
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00824087
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                            • API String ID: 1839972693-4113822522
                                                                            • Opcode ID: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
                                                                            • Instruction ID: e5fc2d533d9e1a16cf615f241f11eb5dadedea36d0b3f5ddcfd437aafe71a33b
                                                                            • Opcode Fuzzy Hash: 7a8d00cfb8414bf816bfec0c31da590350dd89975edab9292cd904dbeb019244
                                                                            • Instruction Fuzzy Hash: 267101326046119FC310EF24D8909AAB7F4FF94758F10892DF9A5D7251EB38ED89CB51
                                                                            APIs
                                                                            • LoadIconW.USER32(00000063), ref: 00815A2E
                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00815A40
                                                                            • SetWindowTextW.USER32(?,?), ref: 00815A57
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00815A6C
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00815A72
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00815A82
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00815A88
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00815AA9
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00815AC3
                                                                            • GetWindowRect.USER32(?,?), ref: 00815ACC
                                                                            • _wcslen.LIBCMT ref: 00815B33
                                                                            • SetWindowTextW.USER32(?,?), ref: 00815B6F
                                                                            • GetDesktopWindow.USER32 ref: 00815B75
                                                                            • GetWindowRect.USER32(00000000), ref: 00815B7C
                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00815BD3
                                                                            • GetClientRect.USER32(?,?), ref: 00815BE0
                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00815C05
                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00815C2F
                                                                            Similarity
                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                            • String ID:
                                                                            • API String ID: 895679908-0
                                                                            • Opcode ID: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
                                                                            • Instruction ID: 18d71799e6ad14f13930a64823c0960bdc378615cc513ea4a99d52609d6a2055
                                                                            • Opcode Fuzzy Hash: 1a4674c344b2de4132d1e20a0fb70f2298fdfeca4356c1a6e65832bbdb7ad9df
                                                                            • Instruction Fuzzy Hash: F2716F31900B09EFDB20DFA9CE85AAEBBF9FF88714F104519E542E25A0D775E984CB50
                                                                            APIs
                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 0082FE27
                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 0082FE32
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0082FE3D
                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 0082FE48
                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 0082FE53
                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 0082FE5E
                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 0082FE69
                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 0082FE74
                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 0082FE7F
                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 0082FE8A
                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 0082FE95
                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 0082FEA0
                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 0082FEAB
                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 0082FEB6
                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 0082FEC1
                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 0082FECC
                                                                            • GetCursorInfo.USER32(?), ref: 0082FEDC
                                                                            • GetLastError.KERNEL32 ref: 0082FF1E
                                                                            Similarity
                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                            • String ID:
                                                                            • API String ID: 3215588206-0
                                                                            • Opcode ID: 2b9e669b75deb0085c38591913aa42ca1d423837d60f74dd56c4adf797f351cc
                                                                            • Instruction ID: 043c68343e12d85225fac4952fd7b9c99572e6c9bdcfe6e916b6ec6e18499a0f
                                                                            • Opcode Fuzzy Hash: 2b9e669b75deb0085c38591913aa42ca1d423837d60f74dd56c4adf797f351cc
                                                                            • Instruction Fuzzy Hash: 314160B0D04319AADB109FBA9C8985EBFF8FF04354B50853AF119E7281DB78A941CE90
                                                                            APIs
                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 007D00C6
                                                                              • Part of subcall function 007D00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0088070C,00000FA0,D51A35C2,?,?,?,?,007F23B3,000000FF), ref: 007D011C
                                                                              • Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0127
                                                                              • Part of subcall function 007D00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,007F23B3,000000FF), ref: 007D0138
                                                                              • Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 007D014E
                                                                              • Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 007D015C
                                                                              • Part of subcall function 007D00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 007D016A
                                                                              • Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D0195
                                                                              • Part of subcall function 007D00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007D01A0
                                                                            • ___scrt_fastfail.LIBCMT ref: 007D00E7
                                                                              • Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9
                                                                            Strings
                                                                            • SleepConditionVariableCS, xrefs: 007D0154
                                                                            • kernel32.dll, xrefs: 007D0133
                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 007D0122
                                                                            • WakeAllConditionVariable, xrefs: 007D0162
                                                                            • InitializeConditionVariable, xrefs: 007D0148
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                            • API String ID: 66158676-1714406822
                                                                            • Opcode ID: fb5fc22f96e3cff6248dc2f0653c1cb4342d459d20ec6aaee3f4f9b64ae1e7d8
                                                                            • Instruction ID: 5c245c9f306993479fbfc1a9d13b205c66e4fc8408f9863c02985868cfb002ab
                                                                            • Opcode Fuzzy Hash: fb5fc22f96e3cff6248dc2f0653c1cb4342d459d20ec6aaee3f4f9b64ae1e7d8
                                                                            • Instruction Fuzzy Hash: 0D21C636A45719ABE7506BA4AC09B6E77E8FB05B51F10013FF911E3392DB7E98008AD0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                            • API String ID: 176396367-1603158881
                                                                            • Opcode ID: a8137b3f5c9445f4494a8947a0c393c5cd25e3b5b73f82fe5e319595d5c56ef2
                                                                            • Instruction ID: 0fedceb0302cbd488bfd94d1c42bd4f4bd7e2ba3d28bf9bbc2925dd844819846
                                                                            • Opcode Fuzzy Hash: a8137b3f5c9445f4494a8947a0c393c5cd25e3b5b73f82fe5e319595d5c56ef2
                                                                            • Instruction Fuzzy Hash: 63E1E432A00516EBCB189FA8C455BEDFBB9FF54710F54812AE566F7240DB30AEC98790
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(00000000,00000000,0084CC08), ref: 00824527
                                                                            • _wcslen.LIBCMT ref: 0082453B
                                                                            • _wcslen.LIBCMT ref: 00824599
                                                                            • _wcslen.LIBCMT ref: 008245F4
                                                                            • _wcslen.LIBCMT ref: 0082463F
                                                                            • _wcslen.LIBCMT ref: 008246A7
                                                                              • Part of subcall function 007CF9F2: _wcslen.LIBCMT ref: 007CF9FD
                                                                            • GetDriveTypeW.KERNEL32(?,00876BF0,00000061), ref: 00824743
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                            • API String ID: 2055661098-1000479233
                                                                            • Opcode ID: 0ce5cbb06bdf287ad6008cb94fe77b48c7af531ac44dd64504502d91b3904ddb
                                                                            • Instruction ID: a922b0521a8c074d8b507d955d448b3b9ffd4edd28cf4bebd4f6f4dab113efae
                                                                            • Opcode Fuzzy Hash: 0ce5cbb06bdf287ad6008cb94fe77b48c7af531ac44dd64504502d91b3904ddb
                                                                            • Instruction Fuzzy Hash: A1B112316083229FC710DF28E890A6EB7E5FFA5724F50591DF5AAC7291E734D884CB62
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 0083B198
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1B0
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083B1D4
                                                                            • _wcslen.LIBCMT ref: 0083B200
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B214
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083B236
                                                                            • _wcslen.LIBCMT ref: 0083B332
                                                                              • Part of subcall function 008205A7: GetStdHandle.KERNEL32(000000F6), ref: 008205C6
                                                                            • _wcslen.LIBCMT ref: 0083B34B
                                                                            • _wcslen.LIBCMT ref: 0083B366
                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0083B3B6
                                                                            • GetLastError.KERNEL32(00000000), ref: 0083B407
                                                                            • CloseHandle.KERNEL32(?), ref: 0083B439
                                                                            • CloseHandle.KERNEL32(00000000), ref: 0083B44A
                                                                            • CloseHandle.KERNEL32(00000000), ref: 0083B45C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 0083B46E
                                                                            • CloseHandle.KERNEL32(?), ref: 0083B4E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 2178637699-0
                                                                            • Opcode ID: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
                                                                            • Instruction ID: bfba125c42c2d90b8d22faba33be38814aadcdcf8a012eabf3d6b031a481c1b6
                                                                            • Opcode Fuzzy Hash: 230adcc91a068a44d8dc80fca3fc6cab5d8e81137f9015f1bb7613c248007a66
                                                                            • Instruction Fuzzy Hash: A9F17871608200DFC724EF24C895B6ABBE5FF85314F14855DF99A8B2A2DB35EC40CB92
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,0084CC08), ref: 008340BB
                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 008340CD
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0084CC08), ref: 008340F2
                                                                            • FreeLibrary.KERNEL32(00000000,?,0084CC08), ref: 0083413E
                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,0084CC08), ref: 008341A8
                                                                            • SysFreeString.OLEAUT32(00000009), ref: 00834262
                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008342C8
                                                                            • SysFreeString.OLEAUT32(?), ref: 008342F2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                            • API String ID: 354098117-199464113
                                                                            • Opcode ID: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
                                                                            • Instruction ID: 2e4ae6a385866f397824fe749e10ef71288891ceeec14c517b0fd55e8b81d250
                                                                            • Opcode Fuzzy Hash: 4ed91841bbe92b514f4a2b006addf9b61e4f5ddff4ae81c5fd90b4b6d43f5d87
                                                                            • Instruction Fuzzy Hash: 99122D75A00119EFDB14CF94C884EAEBBB9FF85318F248098E905EB251D731ED46CBA0
                                                                            APIs
                                                                            • GetMenuItemCount.USER32(00881990), ref: 007F2F8D
                                                                            • GetMenuItemCount.USER32(00881990), ref: 007F303D
                                                                            • GetCursorPos.USER32(?), ref: 007F3081
                                                                            • SetForegroundWindow.USER32(00000000), ref: 007F308A
                                                                            • TrackPopupMenuEx.USER32(00881990,00000000,?,00000000,00000000,00000000), ref: 007F309D
                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007F30A9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                            • String ID: 0
                                                                            • API String ID: 36266755-4108050209
                                                                            • Opcode ID: 2eb704990b5e4e13cd1be0a915ef535783358ff7aa0c7c71d64c83a8580cf2f3
                                                                            • Instruction ID: ce8344698765f5ab8dfbc8e13e75fc09c1031beeb5a925525f7bfb7b9b137017
                                                                            • Opcode Fuzzy Hash: 2eb704990b5e4e13cd1be0a915ef535783358ff7aa0c7c71d64c83a8580cf2f3
                                                                            • Instruction Fuzzy Hash: B5712D70644209BEEB218F64CC49FEABF69FF05324F204216F615A62D1C7B9AD50DB51
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,?), ref: 00846DEB
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00846E5F
                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00846E81
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846E94
                                                                            • DestroyWindow.USER32(?), ref: 00846EB5
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007B0000,00000000), ref: 00846EE4
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00846EFD
                                                                            • GetDesktopWindow.USER32 ref: 00846F16
                                                                            • GetWindowRect.USER32(00000000), ref: 00846F1D
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00846F35
                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00846F4D
                                                                              • Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                            • String ID: 0$tooltips_class32
                                                                            • API String ID: 2429346358-3619404913
                                                                            • Opcode ID: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
                                                                            • Instruction ID: 59fbb75dd60c66bc5a3a352b1f24904d8d8c8462b208c094b4b13a2d77133f45
                                                                            • Opcode Fuzzy Hash: 7324067461c5b0abb4bd5c1edd98fc0aea3392cecda6757137138d198a0764fa
                                                                            • Instruction Fuzzy Hash: 9A714674104348AFDB61CF18DC48BAABBE9FB8A304F54441DF999C7261DB74A91ACB12
                                                                            APIs
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00849147
                                                                              • Part of subcall function 00847674: ClientToScreen.USER32(?,?), ref: 0084769A
                                                                              • Part of subcall function 00847674: GetWindowRect.USER32(?,?), ref: 00847710
                                                                              • Part of subcall function 00847674: PtInRect.USER32(?,?,00848B89), ref: 00847720
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 008491B0
                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 008491BB
                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 008491DE
                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00849225
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0084923E
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00849255
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00849277
                                                                            • DragFinish.SHELL32(?), ref: 0084927E
                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00849371
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                            • API String ID: 221274066-3440237614
                                                                            • Opcode ID: 73234da629cbd78eb70dcfc152f34a4d3252928702f820598f720f00c8b5ca71
                                                                            • Instruction ID: bdbbfa59c9f06e861bfc0e85633b40ae4c7a2a46a3a1954221d2fa731e0e9048
                                                                            • Opcode Fuzzy Hash: 73234da629cbd78eb70dcfc152f34a4d3252928702f820598f720f00c8b5ca71
                                                                            • Instruction Fuzzy Hash: 07617C71108305AFD701EF64DC89EAFBBE8FF89350F40491DF6A5922A1DB709A49CB52
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C4B0
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C4C3
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C4D7
                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0082C4F0
                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0082C533
                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0082C549
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C554
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C584
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0082C5DC
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0082C5F0
                                                                            • InternetCloseHandle.WININET(00000000), ref: 0082C5FB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Similarity
                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                            • String ID:
                                                                            • API String ID: 3800310941-3916222277
                                                                            • Opcode ID: f298dea88832a5e65c1a29458ebb40c6e3ff002fd90ea0b71bd33c0f4f6d804e
                                                                            • Instruction ID: c652945e43e4d41af07cab9cdc426af269a9cc61754e98b66f1b20f1297b3179
                                                                            • Opcode Fuzzy Hash: f298dea88832a5e65c1a29458ebb40c6e3ff002fd90ea0b71bd33c0f4f6d804e
                                                                            • Instruction Fuzzy Hash: 4D5158B4500618AFEB219F64DA88ABB7BFCFF09344F00441AF945D6250DB74E984DB60
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00848592
                                                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 008485A2
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000), ref: 008485AD
                                                                            • CloseHandle.KERNEL32(00000000), ref: 008485BA
                                                                            • GlobalLock.KERNEL32(00000000), ref: 008485C8
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 008485D7
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 008485E0
                                                                            • CloseHandle.KERNEL32(00000000), ref: 008485E7
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 008485F8
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,0084FC38,?), ref: 00848611
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00848621
                                                                            • GetObjectW.GDI32(?,00000018,000000FF), ref: 00848641
                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00848671
                                                                            • DeleteObject.GDI32(00000000), ref: 00848699
                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 008486AF
                                                                            Similarity
                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                            • String ID:
                                                                            • API String ID: 3840717409-0
                                                                            • Opcode ID: 6e08ea6f6a589543d07bbed1e3c1eb075cffe3d2ea23c9687765bea4b09db686
                                                                            • Instruction ID: 7da7ef7db1ef7a90081bfab9c8421dccd1309b2c1413ec2e677ef774535f6a14
                                                                            • Opcode Fuzzy Hash: 6e08ea6f6a589543d07bbed1e3c1eb075cffe3d2ea23c9687765bea4b09db686
                                                                            • Instruction Fuzzy Hash: D8412979601208EFDB519FA5CC48EAE7BBCFF9A715F118058F909E7260DB749901DB20
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000000), ref: 00821502
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0082150B
                                                                            • VariantClear.OLEAUT32(?), ref: 00821517
                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008215FB
                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00821657
                                                                            • VariantInit.OLEAUT32(?), ref: 00821708
                                                                            • SysFreeString.OLEAUT32(?), ref: 0082178C
                                                                            • VariantClear.OLEAUT32(?), ref: 008217D8
                                                                            • VariantClear.OLEAUT32(?), ref: 008217E7
                                                                            • VariantInit.OLEAUT32(00000000), ref: 00821823
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                            • API String ID: 1234038744-3931177956
                                                                            • Opcode ID: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
                                                                            • Instruction ID: 15a55445df01e1e8f38bac0e7d42cfb47e89e0e35077e7c34c292fe008193826
                                                                            • Opcode Fuzzy Hash: d27d66d1397570efa1b24bb300897270d60de9aee44f815f873a66d03a141748
                                                                            • Instruction Fuzzy Hash: 4CD1CF71A00229EBDF109F65E98DBB9B7B5FF55704F24809AE406EB180DB34EC81DB61
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083B6F4
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083B772
                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 0083B80A
                                                                            • RegCloseKey.ADVAPI32(?), ref: 0083B87E
                                                                            • RegCloseKey.ADVAPI32(?), ref: 0083B89C
                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0083B8F2
                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083B904
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0083B922
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0083B983
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0083B994
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 146587525-4033151799
                                                                            • Opcode ID: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
                                                                            • Instruction ID: 30513ba37bd3a0391948f638cf2344f51ef3e724e4cb0e6172822ab24584d91f
                                                                            • Opcode Fuzzy Hash: a54c3aa904fc45b99503c02276fc718fba4217feda7901b5a0ce10c95142ad81
                                                                            • Instruction Fuzzy Hash: 03C17A75208201EFD710DF14C499B6ABBE5FF84318F18849CF69A8B2A2DB35ED45CB91
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 008325D8
                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008325E8
                                                                            • CreateCompatibleDC.GDI32(?), ref: 008325F4
                                                                            • SelectObject.GDI32(00000000,?), ref: 00832601
                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0083266D
                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008326AC
                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008326D0
                                                                            • SelectObject.GDI32(?,?), ref: 008326D8
                                                                            • DeleteObject.GDI32(?), ref: 008326E1
                                                                            • DeleteDC.GDI32(?), ref: 008326E8
                                                                            • ReleaseDC.USER32(00000000,?), ref: 008326F3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                            • String ID: (
                                                                            • API String ID: 2598888154-3887548279
                                                                            • Opcode ID: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
                                                                            • Instruction ID: e8186a6d8b64aa710d723f887d49b43914c7514245dced594197877913144902
                                                                            • Opcode Fuzzy Hash: aad4aa2bc5f34126b20d361abbf775c0e74afc29abdbbb3e232eb1320852a9a9
                                                                            • Instruction Fuzzy Hash: CB61E275D01219EFCF14CFA8D885AAEBBBAFF48310F208529E955E7250E770A951CF90
                                                                            APIs
                                                                            • ___free_lconv_mon.LIBCMT ref: 007EDAA1
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED659
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED66B
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED67D
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED68F
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6A1
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6B3
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6C5
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6D7
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6E9
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED6FB
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED70D
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED71F
                                                                              • Part of subcall function 007ED63C: _free.LIBCMT ref: 007ED731
                                                                            • _free.LIBCMT ref: 007EDA96
                                                                              • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                              • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                            • _free.LIBCMT ref: 007EDAB8
                                                                            • _free.LIBCMT ref: 007EDACD
                                                                            • _free.LIBCMT ref: 007EDAD8
                                                                            • _free.LIBCMT ref: 007EDAFA
                                                                            • _free.LIBCMT ref: 007EDB0D
                                                                            • _free.LIBCMT ref: 007EDB1B
                                                                            • _free.LIBCMT ref: 007EDB26
                                                                            • _free.LIBCMT ref: 007EDB5E
                                                                            • _free.LIBCMT ref: 007EDB65
                                                                            • _free.LIBCMT ref: 007EDB82
                                                                            • _free.LIBCMT ref: 007EDB9A
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                            • String ID:
                                                                            • API String ID: 161543041-0
                                                                            • Opcode ID: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
                                                                            • Instruction ID: cadab9b782c309b43f8f849fc2163c742b30370a4ad6403aaf63d0bd409cb1ad
                                                                            • Opcode Fuzzy Hash: b4d5840bfc30ca9022307aa1ecd3015d85341cc2b50ad69d6863f88f0ff58c12
                                                                            • Instruction Fuzzy Hash: 62315F71506288DFDB31AA76D84AB5677E8FF08310F115429E458E71A2EA3DFD418B20
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 0081369C
                                                                            • _wcslen.LIBCMT ref: 008136A7
                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00813797
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 0081380C
                                                                            • GetDlgCtrlID.USER32(?), ref: 0081385D
                                                                            • GetWindowRect.USER32(?,?), ref: 00813882
                                                                            • GetParent.USER32(?), ref: 008138A0
                                                                            • ScreenToClient.USER32(00000000), ref: 008138A7
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00813921
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 0081395D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                            • String ID: %s%u
                                                                            • API String ID: 4010501982-679674701
                                                                            • Opcode ID: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
                                                                            • Instruction ID: b8174ff7018e758bc9656e04ec2446cebe36a206382cb83e366266fa773738bf
                                                                            • Opcode Fuzzy Hash: a84072a21a3d19320f277c12d6fda2d5eee65f28471c589ccf53badaa9a65334
                                                                            • Instruction Fuzzy Hash: C291AF71204606AFD719DF24C885FEAFBACFF45350F008629F999D2190DB34EA95CBA1
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00814994
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 008149DA
                                                                            • _wcslen.LIBCMT ref: 008149EB
                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 008149F7
                                                                            • _wcsstr.LIBVCRUNTIME ref: 00814A2C
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00814A64
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00814A9D
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00814AE6
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00814B20
                                                                            • GetWindowRect.USER32(?,?), ref: 00814B8B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                            • String ID: ThumbnailClass
                                                                            • API String ID: 1311036022-1241985126
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00881990,000000FF,00000000,00000030), ref: 0081BFAC
                                                                            • SetMenuItemInfoW.USER32(00881990,00000004,00000000,00000030), ref: 0081BFE1
                                                                            • Sleep.KERNEL32(000001F4), ref: 0081BFF3
                                                                            • GetMenuItemCount.USER32(?), ref: 0081C039
                                                                            • GetMenuItemID.USER32(?,00000000), ref: 0081C056
                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 0081C082
                                                                            • GetMenuItemID.USER32(?,?), ref: 0081C0C9
                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0081C10F
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C124
                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081C145
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                            • String ID: 0
                                                                            • API String ID: 1460738036-4108050209
                                                                            APIs
                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CC64
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0083CC8D
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD48
                                                                              • Part of subcall function 0083CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0083CCAA
                                                                              • Part of subcall function 0083CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0083CCBD
                                                                              • Part of subcall function 0083CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0083CCCF
                                                                              • Part of subcall function 0083CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0083CD05
                                                                              • Part of subcall function 0083CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0083CD28
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 0083CCF3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 2734957052-4033151799
                                                                            APIs
                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00823D40
                                                                            • _wcslen.LIBCMT ref: 00823D6D
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00823D9D
                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00823DBE
                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00823DCE
                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00823E55
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00823E60
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00823E6B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                            • String ID: :$\$\??\%s
                                                                            • API String ID: 1149970189-3457252023
                                                                            APIs
                                                                            • timeGetTime.WINMM ref: 0081E6B4
                                                                              • Part of subcall function 007CE551: timeGetTime.WINMM(?,?,0081E6D4), ref: 007CE555
                                                                            • Sleep.KERNEL32(0000000A), ref: 0081E6E1
                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0081E705
                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0081E727
                                                                            • SetActiveWindow.USER32 ref: 0081E746
                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0081E754
                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 0081E773
                                                                            • Sleep.KERNEL32(000000FA), ref: 0081E77E
                                                                            • IsWindow.USER32 ref: 0081E78A
                                                                            • EndDialog.USER32(00000000), ref: 0081E79B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                            • String ID: BUTTON
                                                                            • API String ID: 1194449130-3405671355
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0081EA5D
                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0081EA73
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081EA84
                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0081EA96
                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0081EAA7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: SendString$_wcslen
                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                            • API String ID: 2420728520-1007645807
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 0081A012
                                                                            • SetKeyboardState.USER32(?), ref: 0081A07D
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 0081A09D
                                                                            • GetKeyState.USER32(000000A0), ref: 0081A0B4
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 0081A0E3
                                                                            • GetKeyState.USER32(000000A1), ref: 0081A0F4
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 0081A120
                                                                            • GetKeyState.USER32(00000011), ref: 0081A12E
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 0081A157
                                                                            • GetKeyState.USER32(00000012), ref: 0081A165
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 0081A18E
                                                                            • GetKeyState.USER32(0000005B), ref: 0081A19C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            • API String ID: 541375521-0
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000001), ref: 00815CE2
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00815CFB
                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00815D59
                                                                            • GetDlgItem.USER32(?,00000002), ref: 00815D69
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00815D7B
                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00815DCF
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00815DDD
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00815DEF
                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00815E31
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00815E44
                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00815E5A
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00815E67
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                            • String ID:
                                                                            • API String ID: 3096461208-0
                                                                            APIs
                                                                              • Part of subcall function 007C8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C8BE8,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8FC5
                                                                            • DestroyWindow.USER32(?), ref: 007C8C81
                                                                            • KillTimer.USER32(00000000,?,?,?,?,007C8BBA,00000000,?), ref: 007C8D1B
                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00806973
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069A1
                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000,?), ref: 008069B8
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,007C8BBA,00000000), ref: 008069D4
                                                                            • DeleteObject.GDI32(00000000), ref: 008069E6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 641708696-0
                                                                            • Opcode ID: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
                                                                            • Instruction ID: bcb263434e6f0378092e68be610bd50ffb88919ec2be2df314bcc872dc5a5daf
                                                                            • Opcode Fuzzy Hash: 59f78126dd5f9fda10547256c65b812d82d84c57e13774994908d9309df60b37
                                                                            • Instruction Fuzzy Hash: 3561BD31102A10DFCBB59F18DD48B25BBF5FB41312F14456CE0429BAA0CB39ACA1DFA6
                                                                            APIs
                                                                              • Part of subcall function 007C9944: GetWindowLongW.USER32(?,000000EB), ref: 007C9952
                                                                            • GetSysColor.USER32(0000000F), ref: 007C9862
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ColorLongWindow
                                                                            • String ID:
                                                                            • API String ID: 259745315-0
                                                                            • Opcode ID: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
                                                                            • Instruction ID: 5b267e0ef934107272f051fbd7921e2ba9c0aa5ba0533bccb465315cd8ecbcb9
                                                                            • Opcode Fuzzy Hash: e0d57f440088004a5f9b58c821e61bbba51619d6b014fa08e57b2500c340d0d0
                                                                            • Instruction Fuzzy Hash: 79417D35505640AFDBA05F389C88FB93BA9FB47330F14465DFAA2871E2D735A942DB10
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .}
                                                                            • API String ID: 0-2266125135
                                                                            • Opcode ID: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
                                                                            • Instruction ID: 2be937ed8ee9abca35004e715190fcad8cb3275e3a1b5ce37c4b2fe708a5de9b
                                                                            • Opcode Fuzzy Hash: f9e43d3984fe416a90cab7291451a35ea3c5704c9c9fbed47d7df97e1be1d1ea
                                                                            • Instruction Fuzzy Hash: 2AC13675905289EFCF51DFAAC844BADBBB0BF0D310F044199E619AB392C7389941CF61
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00819717
                                                                            • LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819720
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,007FF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00819742
                                                                            • LoadStringW.USER32(00000000,?,007FF7F8,00000001), ref: 00819745
                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00819866
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                            • API String ID: 747408836-2268648507
                                                                            • Opcode ID: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
                                                                            • Instruction ID: 3da26277cd922559b3b0e6bc49e58a195898d5cb668853ce9604f15d9db22a2e
                                                                            • Opcode Fuzzy Hash: 3cfda51a4965d2061224a6e9395e96e044ee31c20fcd36766a41474d2b0354b4
                                                                            • Instruction Fuzzy Hash: AF411371800219AACB04EBE4DD9AEEEB77CFF55340F504465F605B2192EB396F88CB61
                                                                            APIs
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008107A2
                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008107BE
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008107DA
                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00810804
                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0081082C
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00810837
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0081083C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                            • API String ID: 323675364-22481851
                                                                            • Opcode ID: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
                                                                            • Instruction ID: c41c86ff60da3f0400585c3dd958b69d18e7d4d9c590baab1d0996459de86142
                                                                            • Opcode Fuzzy Hash: 18910849108dce7a890fcdc0a30a1b75a0a00d841621e82f73c55500dd898c4d
                                                                            • Instruction Fuzzy Hash: 0B413872C00229EBDF11EBA4DC89DEEB778FF04340B144129E915A31A1EB74AE84CF90
                                                                            APIs
                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0084403B
                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00844042
                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00844055
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0084405D
                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 00844068
                                                                            • DeleteDC.GDI32(00000000), ref: 00844072
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0084407C
                                                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00844092
                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0084409E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                            • String ID: static
                                                                            • API String ID: 2559357485-2160076837
                                                                            • Opcode ID: 52249f73ed6b33390965c6ef48fac6664ba563ea6c1944eb5cdd2e746fec01af
                                                                            • Instruction ID: 4b38fab7eda6b3b3ef4c4f8c1fe1da5bb9d282187d89e48847d2a202fdd98c2e
                                                                            • Opcode Fuzzy Hash: 52249f73ed6b33390965c6ef48fac6664ba563ea6c1944eb5cdd2e746fec01af
                                                                            • Instruction Fuzzy Hash: 43315A36502219ABDF619FA8DC09FDA3B6CFF0E324F110215FA59E61A0D775D820DB54
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 00833C5C
                                                                            • CoInitialize.OLE32(00000000), ref: 00833C8A
                                                                            • CoUninitialize.OLE32 ref: 00833C94
                                                                            • _wcslen.LIBCMT ref: 00833D2D
                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00833DB1
                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00833ED5
                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00833F0E
                                                                            • CoGetObject.OLE32(?,00000000,0084FB98,?), ref: 00833F2D
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00833F40
                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00833FC4
                                                                            • VariantClear.OLEAUT32(?), ref: 00833FD8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                            • String ID:
                                                                            • API String ID: 429561992-0
                                                                            • Opcode ID: 310b64ab8eba9e7c3be35206d2d3682098833e9b83f6811a07eb76747ff0ddf8
                                                                            • Instruction ID: b0c05532ad7d56a888cb74c4010604013c8d576b1888322cbecfbabd622cf773
                                                                            • Opcode Fuzzy Hash: 310b64ab8eba9e7c3be35206d2d3682098833e9b83f6811a07eb76747ff0ddf8
                                                                            • Instruction Fuzzy Hash: FDC11271608205AFD700DF68C88496BBBE9FF89748F10491DF98ADB211DB71EE45CB92
                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 00827AF3
                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00827B8F
                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00827BA3
                                                                            • CoCreateInstance.OLE32(0084FD08,00000000,00000001,00876E6C,?), ref: 00827BEF
                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00827C74
                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00827CCC
                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00827D57
                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00827D7A
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00827D81
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00827DD6
                                                                            • CoUninitialize.OLE32 ref: 00827DDC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                            • String ID:
                                                                            • API String ID: 2762341140-0
                                                                            • Opcode ID: 5ed7ae773a31b71ac91a7124bae52729996454adf448d54e7855004a417f8db4
                                                                            • Instruction ID: 3e07028b8b9a9bdecc91e7ec1a2ce444fd55c8370204e76c459b60ea7b55d35e
                                                                            • Opcode Fuzzy Hash: 5ed7ae773a31b71ac91a7124bae52729996454adf448d54e7855004a417f8db4
                                                                            • Instruction Fuzzy Hash: 2DC14B75A00119EFCB14DFA4D888DAEBBF9FF48304B1484A9E916DB261D730ED81CB90
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00845504
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00845515
                                                                            • CharNextW.USER32(00000158), ref: 00845544
                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00845585
                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0084559B
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008455AC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CharNext
                                                                            • String ID:
                                                                            • API String ID: 1350042424-0
                                                                            • Opcode ID: 4cfbe50355e38dd0333251ad56e587f816efc3953ca398ac610f21f2b0026575
                                                                            • Instruction ID: 8dfd5ab271c0b9f81d60831491258d3683578e9a2e4c0435a98da25e36755efd
                                                                            • Opcode Fuzzy Hash: 4cfbe50355e38dd0333251ad56e587f816efc3953ca398ac610f21f2b0026575
                                                                            • Instruction Fuzzy Hash: 21619F7490560CEFDF509F64CC849FE7BB9FB06728F108149F925EA292D7748A81DB60
                                                                            APIs
                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0080FAAF
                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0080FB08
                                                                            • VariantInit.OLEAUT32(?), ref: 0080FB1A
                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0080FB3A
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 0080FB8D
                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0080FBA1
                                                                            • VariantClear.OLEAUT32(?), ref: 0080FBB6
                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0080FBC3
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBCC
                                                                            • VariantClear.OLEAUT32(?), ref: 0080FBDE
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080FBE9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                            • String ID:
                                                                            • API String ID: 2706829360-0
                                                                            • Opcode ID: 73454fe1ff715a895f3dcde965c7f42dbf9aa5f6f8979d3327ca3674efa20e18
                                                                            • Instruction ID: e1a3dc52d10de2c2d2ec2c207d72e608bbb37b7187ac62d38be907bfa884417d
                                                                            • Opcode Fuzzy Hash: 73454fe1ff715a895f3dcde965c7f42dbf9aa5f6f8979d3327ca3674efa20e18
                                                                            • Instruction Fuzzy Hash: 63415F35A01219DFCB50DF68CC689AEBBB9FF49354F00C069E945E7262CB34A945CFA4
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 00819CA1
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00819D22
                                                                            • GetKeyState.USER32(000000A0), ref: 00819D3D
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00819D57
                                                                            • GetKeyState.USER32(000000A1), ref: 00819D6C
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00819D84
                                                                            • GetKeyState.USER32(00000011), ref: 00819D96
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00819DAE
                                                                            • GetKeyState.USER32(00000012), ref: 00819DC0
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00819DD8
                                                                            • GetKeyState.USER32(0000005B), ref: 00819DEA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            • API String ID: 541375521-0
                                                                            • Opcode ID: d386c8a2160d8b4e9696b6cff84dd06ffe703883b29f3161f89eec673f896949
                                                                            • Instruction ID: 4ac756ada051ed6f5c97e8d2a3ef22eafb4b79da475fa8f9ee0feff2d421e4d1
                                                                            • Opcode Fuzzy Hash: d386c8a2160d8b4e9696b6cff84dd06ffe703883b29f3161f89eec673f896949
                                                                            • Instruction Fuzzy Hash: E241D5346047C96DFF708664D8243F5BEE8FF12344F08805ADAC6965C2EBA499C8C7A2
                                                                            APIs
                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 008305BC
                                                                            • inet_addr.WSOCK32(?), ref: 0083061C
                                                                            • gethostbyname.WSOCK32(?), ref: 00830628
                                                                            • IcmpCreateFile.IPHLPAPI ref: 00830636
                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008306C6
                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008306E5
                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 008307B9
                                                                            • WSACleanup.WSOCK32 ref: 008307BF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                            • String ID: Ping
                                                                            • API String ID: 1028309954-2246546115
                                                                            • Opcode ID: 9f1c6d2bd0c054155880706f675eafd4543a66b097340ad0e4c8344b4ee3406b
                                                                            • Instruction ID: 890a9b139598f197213da5b6c45959010b813cdda79e84996e8a0abf4f09147b
                                                                            • Opcode Fuzzy Hash: 9f1c6d2bd0c054155880706f675eafd4543a66b097340ad0e4c8344b4ee3406b
                                                                            • Instruction Fuzzy Hash: 4A9167356082019FD320DF19C899B1ABBE4FF88318F1485A9E46ADB6A2C735EC41CFD1
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharLower
                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                            • API String ID: 707087890-567219261
                                                                            • Opcode ID: 3e86d6065a0e9a89aea144e1dd64b6321b5c080b7a0bf494f6e246c3cd337bbe
                                                                            • Instruction ID: 90a78edcf8663f084168a90b63eb67ea37c53a765f1495acc384709c61ec4946
                                                                            • Opcode Fuzzy Hash: 3e86d6065a0e9a89aea144e1dd64b6321b5c080b7a0bf494f6e246c3cd337bbe
                                                                            • Instruction Fuzzy Hash: 5D518031A00616DBCF14DF68C9909BEB7A5FFA4724B214229F526E7284EB35DD44C7D0
                                                                            APIs
                                                                            • CoInitialize.OLE32 ref: 00833774
                                                                            • CoUninitialize.OLE32 ref: 0083377F
                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,0084FB78,?), ref: 008337D9
                                                                            • IIDFromString.OLE32(?,?), ref: 0083384C
                                                                            • VariantInit.OLEAUT32(?), ref: 008338E4
                                                                            • VariantClear.OLEAUT32(?), ref: 00833936
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                            • API String ID: 636576611-1287834457
                                                                            • Opcode ID: 6b29be6bb1937d9edfe9d6fd0db38bbc51a82e99456c34b2f48f8574a17e85e7
                                                                            • Instruction ID: 6cddecab79ad8871549343a6c0d4c90db660dbfc4de05ef1879aa6d1fe3bd628
                                                                            • Opcode Fuzzy Hash: 6b29be6bb1937d9edfe9d6fd0db38bbc51a82e99456c34b2f48f8574a17e85e7
                                                                            • Instruction Fuzzy Hash: DD6159B4608301AFD310DF54C889B6ABBE8FF89714F104929F995DB291C774EE48CB92
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008233CF
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008233F0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                            • API String ID: 4099089115-3080491070
                                                                            • Opcode ID: 7142b1ed3cb79f5af9ccfd49f4bf376ca0e2db01c250d55f187c9cc3b900ca74
                                                                            • Instruction ID: 4306ef850d39e4e6f7aad73a72c4e0ff3be64cf4962e258a73550ceb2f8df60b
                                                                            • Opcode Fuzzy Hash: 7142b1ed3cb79f5af9ccfd49f4bf376ca0e2db01c250d55f187c9cc3b900ca74
                                                                            • Instruction Fuzzy Hash: FA51A371800219EADF14EBA0DD5AEEEB7B8FF14340F204065F119B2151EB396F98DB61
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                            • API String ID: 1256254125-769500911
                                                                            • Opcode ID: 61c0155671e3f2669a1662d988e1b2342c69914ace5b6fea8ffac2fa343b47da
                                                                            • Instruction ID: cb380ac7da1442273fc2c591bf2d50ce2b3ccfaaaa10d0ee1fe13686e9b32751
                                                                            • Opcode Fuzzy Hash: 61c0155671e3f2669a1662d988e1b2342c69914ace5b6fea8ffac2fa343b47da
                                                                            • Instruction Fuzzy Hash: 4D41A032A001269BCB206F7988A05FEB7A9FFB17A4F244229E525D7284F735CDC1C690
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 008253A0
                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00825416
                                                                            • GetLastError.KERNEL32 ref: 00825420
                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 008254A7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                            • API String ID: 4194297153-14809454
                                                                            • Opcode ID: c3472e5c528a082446a2894f8633d010d2591f534d079579d86b0b40f5de2b2b
                                                                            • Instruction ID: 50c0c3b545787483bf7cbd5eab23f08f67032dfe1d1d9d40023dd666d82a3c06
                                                                            • Opcode Fuzzy Hash: c3472e5c528a082446a2894f8633d010d2591f534d079579d86b0b40f5de2b2b
                                                                            • Instruction Fuzzy Hash: 6D31D2B5A40614DFD710EF68D488BAABBB4FF05305F148066E505CB292E771DDC6CBA0
                                                                            APIs
                                                                            • CreateMenu.USER32 ref: 00843C79
                                                                            • SetMenu.USER32(?,00000000), ref: 00843C88
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843D10
                                                                            • IsMenu.USER32(?), ref: 00843D24
                                                                            • CreatePopupMenu.USER32 ref: 00843D2E
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843D5B
                                                                            • DrawMenuBar.USER32 ref: 00843D63
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                            • String ID: 0$F
                                                                            • API String ID: 161812096-3044882817
                                                                            • Opcode ID: 71c8fd9c983dba33de3926d474a02cbfeb2434a30892d7ed57d4c19cce65d648
                                                                            • Instruction ID: fd888473996f90fdc6f8c2a8df4fb9a123c2a2671e5dc7477db360518a91c825
                                                                            • Opcode Fuzzy Hash: 71c8fd9c983dba33de3926d474a02cbfeb2434a30892d7ed57d4c19cce65d648
                                                                            • Instruction Fuzzy Hash: BA412779A02209EFDB14DF64D884BAEBBB9FF49350F140029E956A7360D770AA11CB94
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00811F64
                                                                            • GetDlgCtrlID.USER32 ref: 00811F6F
                                                                            • GetParent.USER32 ref: 00811F8B
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00811F8E
                                                                            • GetDlgCtrlID.USER32(?), ref: 00811F97
                                                                            • GetParent.USER32(?), ref: 00811FAB
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00811FAE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 711023334-1403004172
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00812043
                                                                            • GetDlgCtrlID.USER32 ref: 0081204E
                                                                            • GetParent.USER32 ref: 0081206A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 0081206D
                                                                            • GetDlgCtrlID.USER32(?), ref: 00812076
                                                                            • GetParent.USER32(?), ref: 0081208A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 0081208D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 711023334-1403004172
                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00843A9D
                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00843AA0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00843AC7
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00843AEA
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00843B62
                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00843BAC
                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00843BC7
                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00843BE2
                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00843BF6
                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00843C13
                                                                            Similarity
                                                                            • API ID: MessageSend$LongWindow
                                                                            • String ID:
                                                                            • API String ID: 312131281-0
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0081B151
                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B165
                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0081B16C
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B17B
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0081B18D
                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1A6
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1B8
                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B1FD
                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B212
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0081A1E1,?,00000001), ref: 0081B21D
                                                                            Similarity
                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                            • String ID:
                                                                            • API String ID: 2156557900-0
                                                                            APIs
                                                                            • _free.LIBCMT ref: 007E2C94
                                                                              • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                              • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                            • _free.LIBCMT ref: 007E2CA0
                                                                            • _free.LIBCMT ref: 007E2CAB
                                                                            • _free.LIBCMT ref: 007E2CB6
                                                                            • _free.LIBCMT ref: 007E2CC1
                                                                            • _free.LIBCMT ref: 007E2CCC
                                                                            • _free.LIBCMT ref: 007E2CD7
                                                                            • _free.LIBCMT ref: 007E2CE2
                                                                            • _free.LIBCMT ref: 007E2CED
                                                                            • _free.LIBCMT ref: 007E2CFB
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00827FAD
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00827FC1
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00827FEB
                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00828005
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00828017
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00828060
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008280B0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                            • String ID: *.*
                                                                            • API String ID: 769691225-438819550
                                                                            APIs
                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 007B5C7A
                                                                              • Part of subcall function 007B5D0A: GetClientRect.USER32(?,?), ref: 007B5D30
                                                                              • Part of subcall function 007B5D0A: GetWindowRect.USER32(?,?), ref: 007B5D71
                                                                              • Part of subcall function 007B5D0A: ScreenToClient.USER32(?,?), ref: 007B5D99
                                                                            • GetDC.USER32 ref: 007F46F5
                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007F4708
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 007F4716
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 007F472B
                                                                            • ReleaseDC.USER32(?,00000000), ref: 007F4733
                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007F47C4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                            • String ID: U
                                                                            • API String ID: 4009187628-3372436214
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008235E4
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • LoadStringW.USER32(00882390,?,00000FFF,?), ref: 0082360A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                            • API String ID: 4099089115-2391861430
                                                                            APIs
                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0082C29A
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0082C2CA
                                                                            • GetLastError.KERNEL32 ref: 0082C322
                                                                            • SetEvent.KERNEL32(?), ref: 0082C336
                                                                            • InternetCloseHandle.WININET(00000000), ref: 0082C341
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                            • String ID:
                                                                            • API String ID: 3113390036-3916222277
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007F3AAF,?,?,Bad directive syntax error,0084CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008198BC
                                                                            • LoadStringW.USER32(00000000,?,007F3AAF,?), ref: 008198C3
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00819987
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                            • API String ID: 858772685-4153970271
                                                                            APIs
                                                                            • GetParent.USER32 ref: 008120AB
                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 008120C0
                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0081214D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassMessageNameParentSend
                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                            • API String ID: 1290815626-3381328864
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                            • String ID:
                                                                            • API String ID: 1282221369-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00845186
                                                                            • ShowWindow.USER32(?,00000000), ref: 008451C7
                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 008451CD
                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 008451D1
                                                                              • Part of subcall function 00846FBA: DeleteObject.GDI32(00000000), ref: 00846FE6
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0084520D
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0084521A
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0084524D
                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00845287
                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00845296
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                            • String ID:
                                                                            • API String ID: 3210457359-0
                                                                            APIs
                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00806890
                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008068A9
                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008068B9
                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008068D1
                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008068F2
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 00806901
                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0080691E
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,007C8874,00000000,00000000,00000000,000000FF,00000000), ref: 0080692D
                                                                            Similarity
                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                            • String ID:
                                                                            • API String ID: 1268354404-0
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0082C182
                                                                            • GetLastError.KERNEL32 ref: 0082C195
                                                                            • SetEvent.KERNEL32(?), ref: 0082C1A9
                                                                              • Part of subcall function 0082C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0082C272
                                                                              • Part of subcall function 0082C253: GetLastError.KERNEL32 ref: 0082C322
                                                                              • Part of subcall function 0082C253: SetEvent.KERNEL32(?), ref: 0082C336
                                                                              • Part of subcall function 0082C253: InternetCloseHandle.WININET(00000000), ref: 0082C341
                                                                            Similarity
                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 337547030-0
                                                                            APIs
                                                                              • Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
                                                                              • Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
                                                                              • Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 008125BD
                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008125DB
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008125DF
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 008125E9
                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00812601
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00812605
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 0081260F
                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00812623
                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00812627
                                                                            Similarity
                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                            • String ID:
                                                                            • API String ID: 2014098862-0
                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00811449,?,?,00000000), ref: 0081180C
                                                                            • HeapAlloc.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811813
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811828
                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00811449,?,?,00000000), ref: 00811830
                                                                            • DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 00811833
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00811449,?,?,00000000), ref: 00811843
                                                                            • GetCurrentProcess.KERNEL32(00811449,00000000,?,00811449,?,?,00000000), ref: 0081184B
                                                                            • DuplicateHandle.KERNEL32(00000000,?,00811449,?,?,00000000), ref: 0081184E
                                                                            • CreateThread.KERNEL32(00000000,00000000,00811874,00000000,00000000,00000000), ref: 00811868
                                                                            Similarity
                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                            • String ID:
                                                                            • API String ID: 1957940570-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: __alldvrm$_strrchr
                                                                            • String ID: }}}$}}}$}}}
                                                                            • API String ID: 1036877536-3712723652
                                                                            • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                            • Instruction ID: 2ef9044cc96cb930592fc49d528f646039efd0b3cf06b1c9450ee25cef0daeb1
                                                                            • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                            • Instruction Fuzzy Hash: 54A13672E023CA9FDB25CE1AC8957AEBBF4EF69350F1441ADE5859B282C23C9941C750
                                                                            APIs
                                                                              • Part of subcall function 0081D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0081D501
                                                                              • Part of subcall function 0081D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0081D50F
                                                                              • Part of subcall function 0081D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 0081D5DC
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A16D
                                                                            • GetLastError.KERNEL32 ref: 0083A180
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083A1B3
                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0083A268
                                                                            • GetLastError.KERNEL32(00000000), ref: 0083A273
                                                                            • CloseHandle.KERNEL32(00000000), ref: 0083A2C4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                            • String ID: SeDebugPrivilege
                                                                            • API String ID: 1701285019-2896544425
                                                                            • Opcode ID: a88f93238cd0c984cff6eeb4d7c2add1d401e09bab9853f6241ff7b1cc215371
                                                                            • Instruction ID: 4d846aa3c4f8722dd4e7e7ae55cdf7a52d50d44e2fa4fc403450ff3e8d7537ae
                                                                            • Opcode Fuzzy Hash: a88f93238cd0c984cff6eeb4d7c2add1d401e09bab9853f6241ff7b1cc215371
                                                                            • Instruction Fuzzy Hash: CA617C352042419FD724DF18C498F6ABBE5FF94318F18848CE4A68B7A2C776EC45CB92
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00843925
                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0084393A
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00843954
                                                                            • _wcslen.LIBCMT ref: 00843999
                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 008439C6
                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 008439F4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window_wcslen
                                                                            • String ID: SysListView32
                                                                            • API String ID: 2147712094-78025650
                                                                            • Opcode ID: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
                                                                            • Instruction ID: c4156df9ba1ecace648a7964666f7849b244d3472a945f105902a763cd32c8c1
                                                                            • Opcode Fuzzy Hash: 516584b5e9d54be3f3f86b86adc7f4aa4f35022470e1b525bffc4f1d72398f33
                                                                            • Instruction Fuzzy Hash: AB419071A0021DABEF219F64CC49FEA7BA9FF18354F10052AF958E7281D7759A84CB90
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0081BCFD
                                                                            • IsMenu.USER32(00000000), ref: 0081BD1D
                                                                            • CreatePopupMenu.USER32 ref: 0081BD53
                                                                            • GetMenuItemCount.USER32(01116508), ref: 0081BDA4
                                                                            • InsertMenuItemW.USER32(01116508,?,00000001,00000030), ref: 0081BDCC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                            • String ID: 0$2
                                                                            • API String ID: 93392585-3793063076
                                                                            • Opcode ID: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
                                                                            • Instruction ID: 8c04d156cbcd072e3a0200ddd7f069fc3ae875498a4e437ceabaad1bdcd5e795
                                                                            • Opcode Fuzzy Hash: d40a031f9b1c6e555172a7e0ff5f2f74f58140553fb3cbf8237a4a43a56fee47
                                                                            • Instruction Fuzzy Hash: 6B519D70A002099BDB18CFA8E884BEEBBFCFF59354F144159E411D7291D7709981CB62
                                                                            APIs
                                                                            • _ValidateLocalCookies.LIBCMT ref: 007D2D4B
                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 007D2D53
                                                                            • _ValidateLocalCookies.LIBCMT ref: 007D2DE1
                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 007D2E0C
                                                                            • _ValidateLocalCookies.LIBCMT ref: 007D2E61
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                            • String ID: &H}$csm
                                                                            • API String ID: 1170836740-1162412510
                                                                            • Opcode ID: 8608dd33a8c4024f99c47c004bc79eaaa6db64ddcb8d5e521ab2ea8eeb40b62f
                                                                            • Instruction ID: 118d084391ac4172cf6fee337a7ac770208e97e22df8aaa1233abafc2b610a67
                                                                            • Opcode Fuzzy Hash: 8608dd33a8c4024f99c47c004bc79eaaa6db64ddcb8d5e521ab2ea8eeb40b62f
                                                                            • Instruction Fuzzy Hash: 73418334A00209EBCF10DF68C849A9EBBB5BF55325F148156E814AB393D739EA07CBD1
                                                                            APIs
                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 0081C913
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: IconLoad
                                                                            • String ID: blank$info$question$stop$warning
                                                                            • API String ID: 2457776203-404129466
                                                                            • Opcode ID: 2ae56a1f4dc3212ac7c34fc668664f4e552b34b3bb489755a5fd78101758795b
                                                                            • Instruction ID: 9807f232328a5f0a175306db4e8cf3e36ccffc431eef0a70c28afb61f8944fc9
                                                                            • Opcode Fuzzy Hash: 2ae56a1f4dc3212ac7c34fc668664f4e552b34b3bb489755a5fd78101758795b
                                                                            • Instruction Fuzzy Hash: 3F11EB316C970ABBE7055B64DCC3DEE6BACFF153A8B10402BF504EA382E7749D805268
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                            • String ID: 0.0.0.0
                                                                            • API String ID: 642191829-3771769585
                                                                            • Opcode ID: 544cc2d6566cefca5901b3a7a38654140cded48795a79ac0ab11eb7e5ea58679
                                                                            • Instruction ID: ff9669d03a003c2c052ca9fd71111b7b7fce2ec781579f1f722ec9a6799b6424
                                                                            • Opcode Fuzzy Hash: 544cc2d6566cefca5901b3a7a38654140cded48795a79ac0ab11eb7e5ea58679
                                                                            • Instruction Fuzzy Hash: 82110671904208ABCB20AB74DC4AFEE77BCFF11712F00016AF445EA191EF789AC1CA60
                                                                            APIs
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00849FC7
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00849FE7
                                                                            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0084A224
                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0084A242
                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0084A263
                                                                            • ShowWindow.USER32(00000003,00000000), ref: 0084A282
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0084A2A7
                                                                            • DefDlgProcW.USER32(?,00000005,?,?), ref: 0084A2CA
                                                                            Similarity
                                                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                            • String ID:
                                                                            • API String ID: 1211466189-0
                                                                            • Opcode ID: cfa2600791feda47e4410ac7a1c10ca1013f761378e6637d5e52cee1dbe0d7db
                                                                            • Instruction ID: 16be15c9631476998185123445340289ee5e948179f8a3665175c0a5948b9631
                                                                            • Opcode Fuzzy Hash: cfa2600791feda47e4410ac7a1c10ca1013f761378e6637d5e52cee1dbe0d7db
                                                                            • Instruction Fuzzy Hash: BEB1A831640229EFDF18CF68C9857AA7BB2FF48701F088169EC49DF295DB71AA40DB51
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _wcslen$LocalTime
                                                                            • String ID:
                                                                            • API String ID: 952045576-0
                                                                            • Opcode ID: 04c5372de8eb1873e21e32fb3d03d5a2fb39121935eb3c7a8b5c5d4eb1ae946c
                                                                            • Instruction ID: 389caaa2f7e6486d3cd412b7bc9ee63a3f130b795d9126dbcf6affb63562bb78
                                                                            • Opcode Fuzzy Hash: 04c5372de8eb1873e21e32fb3d03d5a2fb39121935eb3c7a8b5c5d4eb1ae946c
                                                                            • Instruction Fuzzy Hash: 38413066C10118B6CB11ABA4CC8A9CFB7BCBF45710F508567E914E3221EB38F655C7A5
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 007CF953
                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F3D1
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0080F454
                                                                            Similarity
                                                                            • API ID: ShowWindow
                                                                            • String ID:
                                                                            • API String ID: 1268545403-0
                                                                            • Opcode ID: dcc60f7b1e1924092b7bd7857935c668a3cbd63d90f476103a4c1dca10821bc4
                                                                            • Instruction ID: a6453ec4c8fbcb9c122900d419848f6c3bd1d1ff11f5d25f6df2d3bbed559c43
                                                                            • Opcode Fuzzy Hash: dcc60f7b1e1924092b7bd7857935c668a3cbd63d90f476103a4c1dca10821bc4
                                                                            • Instruction Fuzzy Hash: 5D410B31604640BECFB99B2D8C88F6A7B97BB57314F15843DE547D6AA1C639B880CB11
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 00842D1B
                                                                            • GetDC.USER32(00000000), ref: 00842D23
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00842D2E
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00842D3A
                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00842D76
                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00842D87
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00845A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00842DC2
                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00842DE1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 3864802216-0
                                                                            • Opcode ID: 2a8bf2ac24aa6f3025763c7968ff8f80a9c87bca0a46c706d2a769a39dc1b95d
                                                                            • Instruction ID: 8d1d835def44a4b617544cbfb1d019268fe8f89c87f6e9589d48514b21c2f79b
                                                                            • Opcode Fuzzy Hash: 2a8bf2ac24aa6f3025763c7968ff8f80a9c87bca0a46c706d2a769a39dc1b95d
                                                                            • Instruction Fuzzy Hash: C5318B76202618BBEB618F548C8AFEB3BADFB1A715F044055FE08DA291C6759C40CBA0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            • Opcode ID: 9b1c59b45cdc702fe540f14d4b847d40414fb1de738304dc1a0ade642da27afd
                                                                            • Instruction ID: 9933a1819148baa94e5a3b837b3675173f2c4f3209ea0b72ae873b3b79142542
                                                                            • Opcode Fuzzy Hash: 9b1c59b45cdc702fe540f14d4b847d40414fb1de738304dc1a0ade642da27afd
                                                                            • Instruction Fuzzy Hash: 0F21A461640A1DFBD21456219E82FFA336CFFB1398F840025FE05DA782F768ED5085E5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                            • API String ID: 0-572801152
                                                                            • Opcode ID: da6cc382f42540bc0aafdb1968fd08e0b0682d8ec6718eb771f79730019e961a
                                                                            • Instruction ID: d87ce0b7debc63f3d11874e6f96025d6e8097110919a3ee400aabcfa78b44c87
                                                                            • Opcode Fuzzy Hash: da6cc382f42540bc0aafdb1968fd08e0b0682d8ec6718eb771f79730019e961a
                                                                            • Instruction Fuzzy Hash: 4DD1B171A0060A9FDF14CFA8C891BAEB7B5FF88344F148469E915EB281E771DD45CB90
                                                                            APIs
                                                                            • GetCPInfo.KERNEL32(?,?), ref: 007F15CE
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F1651
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F16E4
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 007F16FB
                                                                              • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007F1777
                                                                            • __freea.LIBCMT ref: 007F17A2
                                                                            • __freea.LIBCMT ref: 007F17AE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                            • String ID:
                                                                            • API String ID: 2829977744-0
                                                                            • Opcode ID: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
                                                                            • Instruction ID: f960eb553dcd8e8399dd4a0c7bd2b636a07a0008b8c6d75e4a4fc859b04bd888
                                                                            • Opcode Fuzzy Hash: 13f48d208eae259ae6b90c8f67263c1a8beb31bb93aa49b45ec4708bf5d1ee54
                                                                            • Instruction Fuzzy Hash: 3B91D272E0020EDADB209E75C885AFE7BB5AF49310F980659EA05E7341DB3DCC40CBA0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit
                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                            • API String ID: 2610073882-625585964
                                                                            • Opcode ID: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
                                                                            • Instruction ID: b69d16cf29bdf4d5597274a6f0b3bd00897730b82014934abe181b4b8a4ff24a
                                                                            • Opcode Fuzzy Hash: e5224c18ddf5e37a2c2a1b718ee313e18b32647f7af8597f0df160c610ae46c7
                                                                            • Instruction Fuzzy Hash: 4C918071A00219ABDF20CFA4C849FAEBBB8FF86714F108559F515EB281D770A945CFA0
                                                                            APIs
                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0082125C
                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00821284
                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008212A8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008212D8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0082135F
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008213C4
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00821430
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                            • String ID:
                                                                            • API String ID: 2550207440-0
                                                                            • Opcode ID: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
                                                                            • Instruction ID: 69118c65de981e0fd4ed82761f028aa11aeaf672254865f0d3299f610373332c
                                                                            • Opcode Fuzzy Hash: 6baedcfb2dcb52a449c19a6e8ea6c4920b25094feb3bda93baa6ec8c69242a24
                                                                            • Instruction Fuzzy Hash: F391F875A00229DFDF10DF98E888BBEB7B6FF55314F204029E540E7291D778A981CB95
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            • Opcode ID: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
                                                                            • Instruction ID: c39692197ff473fc4b91154692a539489bfa86297fe9fe4bd10bf905995b3f3f
                                                                            • Opcode Fuzzy Hash: d1438ddd6a0d4058aef5065cda5dac30633742fd29149990b6214ed33295c35e
                                                                            • Instruction Fuzzy Hash: 90912871D00219EFCB54CFA9CC88AEEBBB8FF49320F148459E515B7291D778AA51CB60
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 0083396B
                                                                            • CharUpperBuffW.USER32(?,?), ref: 00833A7A
                                                                            • _wcslen.LIBCMT ref: 00833A8A
                                                                            • VariantClear.OLEAUT32(?), ref: 00833C1F
                                                                              • Part of subcall function 00820CDF: VariantInit.OLEAUT32(00000000), ref: 00820D1F
                                                                              • Part of subcall function 00820CDF: VariantCopy.OLEAUT32(?,?), ref: 00820D28
                                                                              • Part of subcall function 00820CDF: VariantClear.OLEAUT32(?), ref: 00820D34
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                            • API String ID: 4137639002-1221869570
                                                                            • Opcode ID: 6938be363450651657b940a4b5642adce8350f9ab51e42f3ba9d27e062ce3d29
                                                                            • Instruction ID: 6daf9bec3c81aaeed986939b92f2ebdfce75beaf5306c47a06590a572782942d
                                                                            • Opcode Fuzzy Hash: 6938be363450651657b940a4b5642adce8350f9ab51e42f3ba9d27e062ce3d29
                                                                            • Instruction Fuzzy Hash: B19122746083059FC704EF28C48596ABBE4FF89314F14882DF89ADB351DB35EA45CB92
                                                                            APIs
                                                                              • Part of subcall function 0081000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
                                                                              • Part of subcall function 0081000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
                                                                              • Part of subcall function 0081000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
                                                                              • Part of subcall function 0081000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064
                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00834C51
                                                                            • _wcslen.LIBCMT ref: 00834D59
                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00834DCF
                                                                            • CoTaskMemFree.OLE32(?), ref: 00834DDA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                            • String ID: NULL Pointer assignment
                                                                            • API String ID: 614568839-2785691316
                                                                            • Opcode ID: 8197c466b9303bf2e389d5a8b1627b59e7f71fae024a986f9e8e7a4a52c2cac5
                                                                            • Instruction ID: ea7331fc2bc5830537dbbc4625f427f2d856cb5394e85750d15b112607c18346
                                                                            • Opcode Fuzzy Hash: 8197c466b9303bf2e389d5a8b1627b59e7f71fae024a986f9e8e7a4a52c2cac5
                                                                            • Instruction Fuzzy Hash: B4910271D0021DEBDF10DFA4C895AEEB7B8FF48314F10816AE915A7251EB34AA45CFA0
                                                                            APIs
                                                                            • GetMenu.USER32(?), ref: 00842183
                                                                            • GetMenuItemCount.USER32(00000000), ref: 008421B5
                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 008421DD
                                                                            • _wcslen.LIBCMT ref: 00842213
                                                                            • GetMenuItemID.USER32(?,?), ref: 0084224D
                                                                            • GetSubMenu.USER32(?,?), ref: 0084225B
                                                                              • Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
                                                                              • Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
                                                                              • Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65
                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 008422E3
                                                                              • Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                            • String ID:
                                                                            • API String ID: 4196846111-0
                                                                            • Opcode ID: a8f3f5fa646bf3fc883ab9b7b909809068de4277c3af63089184cf7440d57440
                                                                            • Instruction ID: e6cda4d440ac6c76116605662989f93abe92810b6398822c8ff8b9d760ee3586
                                                                            • Opcode Fuzzy Hash: a8f3f5fa646bf3fc883ab9b7b909809068de4277c3af63089184cf7440d57440
                                                                            • Instruction Fuzzy Hash: 1B718D35A04219EFCB10EF68C885AAEB7B5FF88314F548499F816EB341DB74A941CB90
                                                                            APIs
                                                                            • IsWindow.USER32(01116328), ref: 00847F37
                                                                            • IsWindowEnabled.USER32(01116328), ref: 00847F43
                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0084801E
                                                                            • SendMessageW.USER32(01116328,000000B0,?,?), ref: 00848051
                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 00848089
                                                                            • GetWindowLongW.USER32(01116328,000000EC), ref: 008480AB
                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 008480C3
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                            • String ID:
                                                                            • API String ID: 4072528602-0
                                                                            • Opcode ID: 315589bd96fecb5f8b0bed77a461c0223da951321f09e8f23d330467babf746d
                                                                            • Instruction ID: 36cca413520b2b0f99ddd7e6c35bfe123b34de5d60a9fdc0c7cbeda76e369020
                                                                            • Opcode Fuzzy Hash: 315589bd96fecb5f8b0bed77a461c0223da951321f09e8f23d330467babf746d
                                                                            • Instruction Fuzzy Hash: 65717B34609648EFEF219F64CC84FAABBB9FF1A300F14445AE955D7261CB31AC49DB20
                                                                            APIs
                                                                            • GetParent.USER32(?), ref: 0081AEF9
                                                                            • GetKeyboardState.USER32(?), ref: 0081AF0E
                                                                            • SetKeyboardState.USER32(?), ref: 0081AF6F
                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 0081AF9D
                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0081AFBC
                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 0081AFFD
                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0081B020
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: 7c2ff83f1b8bb5f65496e3c68cdd68329b750ec523ddf89554eb63cc92962717
                                                                            • Instruction ID: daaef3bf9fbe884a05e94011962fe118d78b88c63b485cab95f6d9b616464a8f
                                                                            • Opcode Fuzzy Hash: 7c2ff83f1b8bb5f65496e3c68cdd68329b750ec523ddf89554eb63cc92962717
                                                                            • Instruction Fuzzy Hash: 0951D3A06056D53DFB364234C845BFA7EADBF06304F088489F1D9D54C2D798A8C9D761
                                                                            APIs
                                                                            • GetParent.USER32(00000000), ref: 0081AD19
                                                                            • GetKeyboardState.USER32(?), ref: 0081AD2E
                                                                            • SetKeyboardState.USER32(?), ref: 0081AD8F
                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0081ADBB
                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0081ADD8
                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0081AE17
                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0081AE38
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: 66876ec56975f88d7a196934986750a947e2f527e023f05b9cf515eba92e285a
                                                                            • Instruction ID: 64e42eea90bc66f171473a7e24b011b4b9dee5810eefa3c1de4163f44fdc658d
                                                                            • Opcode Fuzzy Hash: 66876ec56975f88d7a196934986750a947e2f527e023f05b9cf515eba92e285a
                                                                            • Instruction Fuzzy Hash: 2C51C5A15057D53DFB3A8264CC95BFA7E9CBF46304F088488E1D9C58C2D294ACD8D752
                                                                            APIs
                                                                            • GetConsoleCP.KERNEL32(007F3CD6,?,?,?,?,?,?,?,?,007E5BA3,?,?,007F3CD6,?,?), ref: 007E5470
                                                                            • __fassign.LIBCMT ref: 007E54EB
                                                                            • __fassign.LIBCMT ref: 007E5506
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,007F3CD6,00000005,00000000,00000000), ref: 007E552C
                                                                            • WriteFile.KERNEL32(?,007F3CD6,00000000,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E554B
                                                                            • WriteFile.KERNEL32(?,?,00000001,007E5BA3,00000000,?,?,?,?,?,?,?,?,?,007E5BA3,?), ref: 007E5584
                                                                            Similarity
                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                            • String ID:
                                                                            • API String ID: 1324828854-0
                                                                            • Opcode ID: 68a802c488cecacd979064e183d00ecd0cc90d5eb5bf0403831b2718933f3c8c
                                                                            • Instruction ID: dacc7c6475ec322bf08e78eeec23da1f53e2c8c9574a45080d5e5ac792db6e95
                                                                            • Opcode Fuzzy Hash: 68a802c488cecacd979064e183d00ecd0cc90d5eb5bf0403831b2718933f3c8c
                                                                            • Instruction Fuzzy Hash: DD51F370A016889FDB10CFA9D845AEEBBFAFF0D304F14401AF555E7292E734AA50CB60
                                                                            APIs
                                                                              • Part of subcall function 0083304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
                                                                              • Part of subcall function 0083304E: _wcslen.LIBCMT ref: 0083309B
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00831112
                                                                            • WSAGetLastError.WSOCK32 ref: 00831121
                                                                            • WSAGetLastError.WSOCK32 ref: 008311C9
                                                                            • closesocket.WSOCK32(00000000), ref: 008311F9
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 2675159561-0
                                                                            • Opcode ID: aa80fb04d662afc9f981e1a1107a232f5b826f3ea205324764ac09d89f51b4fd
                                                                            • Instruction ID: 8fc72b3eb03d402af1503b91e775391a531c19a66e874b557d7537fc45723185
                                                                            • Opcode Fuzzy Hash: aa80fb04d662afc9f981e1a1107a232f5b826f3ea205324764ac09d89f51b4fd
                                                                            • Instruction Fuzzy Hash: CF41C035600208AFDB109F18C889BEEBBA9FF85768F148059F915DB291C774AD41CBE1
                                                                            APIs
                                                                              • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD
                                                                              • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0081CF45
                                                                            • MoveFileW.KERNEL32(?,?), ref: 0081CF7F
                                                                            • _wcslen.LIBCMT ref: 0081D005
                                                                            • _wcslen.LIBCMT ref: 0081D01B
                                                                            • SHFileOperationW.SHELL32(?), ref: 0081D061
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                            • String ID: \*.*
                                                                            • API String ID: 3164238972-1173974218
                                                                            • Opcode ID: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
                                                                            • Instruction ID: b6d8cd6df0018168083554ed81900cc52b34d5308be313d6f0a8a5e3fcfb86c9
                                                                            • Opcode Fuzzy Hash: 02ccf2360dced0eb2229c3ff1ece7d7324274acd33aa8fda42f86dc179f51871
                                                                            • Instruction Fuzzy Hash: 55415FB18452199FDF12EFA4D985ADEB7BDFF08380F1000A6E505EB141EE74A689CB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00842E1C
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00842E4F
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00842E84
                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00842EB6
                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00842EE0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00842EF1
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00842F0B
                                                                            Similarity
                                                                            • API ID: LongWindow$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 2178440468-0
                                                                            • Opcode ID: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
                                                                            • Instruction ID: db0c86f74fd0b533bcee217cc3ab0a5ff1fa3f74fdfeea95374af0de6c00b9bf
                                                                            • Opcode Fuzzy Hash: 05960b333e27ea0bedafb902aafc1eb931dd9eebbd26dd56047a1d36ada3867f
                                                                            • Instruction Fuzzy Hash: 47311234609248AFEB60CF58DC88F653BE8FB9A714F9501A4F915CB2B2CB71AC41DB01
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817769
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081778F
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00817792
                                                                            • SysAllocString.OLEAUT32(?), ref: 008177B0
                                                                            • SysFreeString.OLEAUT32(?), ref: 008177B9
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 008177DE
                                                                            • SysAllocString.OLEAUT32(?), ref: 008177EC
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
                                                                            • Instruction ID: c09d96912ef472a9659014b43281c070289188b6ff4d46ee32eca98d83a8cad1
                                                                            • Opcode Fuzzy Hash: 67f4a1ca6e1a5083ea61e65757e80f5f701ec7ba5e786367624034930cb98d8c
                                                                            • Instruction Fuzzy Hash: DD219C7A605219AFDB10AFA8CC88DFA73ACFF09364B048429FA15DB191D6749C81C764
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817842
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00817868
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0081786B
                                                                            • SysAllocString.OLEAUT32 ref: 0081788C
                                                                            • SysFreeString.OLEAUT32 ref: 00817895
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 008178AF
                                                                            • SysAllocString.OLEAUT32(?), ref: 008178BD
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 008204F2
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0082052E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 008205C6
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00820601
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            APIs
                                                                              • Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
                                                                              • Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
                                                                              • Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A
                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00844112
                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0084411F
                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0084412A
                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00844139
                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00844145
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                            • String ID: Msctls_Progress32
                                                                            • API String ID: 1025951953-3636473452
                                                                            APIs
                                                                              • Part of subcall function 007ED7A3: _free.LIBCMT ref: 007ED7CC
                                                                            • _free.LIBCMT ref: 007ED82D
                                                                              • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                              • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                            • _free.LIBCMT ref: 007ED838
                                                                            • _free.LIBCMT ref: 007ED843
                                                                            • _free.LIBCMT ref: 007ED897
                                                                            • _free.LIBCMT ref: 007ED8A2
                                                                            • _free.LIBCMT ref: 007ED8AD
                                                                            • _free.LIBCMT ref: 007ED8B8
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0081DA74
                                                                            • LoadStringW.USER32(00000000), ref: 0081DA7B
                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0081DA91
                                                                            • LoadStringW.USER32(00000000), ref: 0081DA98
                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0081DADC
                                                                            Strings
                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 0081DAB9
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message
                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                            • API String ID: 4072794657-3128320259
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(0110F068,0110F068), ref: 0082097B
                                                                            • EnterCriticalSection.KERNEL32(0110F048,00000000), ref: 0082098D
                                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 0082099B
                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 008209A9
                                                                            • CloseHandle.KERNEL32(?), ref: 008209B8
                                                                            • InterlockedExchange.KERNEL32(0110F068,000001F6), ref: 008209C8
                                                                            • LeaveCriticalSection.KERNEL32(0110F048), ref: 008209CF
                                                                            Similarity
                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                            • String ID:
                                                                            • API String ID: 3495660284-0
                                                                            APIs
                                                                            • GetClientRect.USER32(?,?), ref: 007B5D30
                                                                            • GetWindowRect.USER32(?,?), ref: 007B5D71
                                                                            • ScreenToClient.USER32(?,?), ref: 007B5D99
                                                                            • GetClientRect.USER32(?,?), ref: 007B5ED7
                                                                            • GetWindowRect.USER32(?,?), ref: 007B5EF8
                                                                            Similarity
                                                                            • API ID: Rect$Client$Window$Screen
                                                                            • String ID:
                                                                            • API String ID: 1296646539-0
                                                                            APIs
                                                                            • __allrem.LIBCMT ref: 007E00BA
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E00D6
                                                                            • __allrem.LIBCMT ref: 007E00ED
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E010B
                                                                            • __allrem.LIBCMT ref: 007E0122
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E0140
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                            • String ID:
                                                                            • API String ID: 1992179935-0
                                                                            APIs
                                                                              • Part of subcall function 00833149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0083101C,00000000,?,?,00000000), ref: 00833195
                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00831DC0
                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00831DE1
                                                                            • WSAGetLastError.WSOCK32 ref: 00831DF2
                                                                            • inet_ntoa.WSOCK32(?), ref: 00831E8C
                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 00831EDB
                                                                            • _strlen.LIBCMT ref: 00831F35
                                                                              • Part of subcall function 008139E8: _strlen.LIBCMT ref: 008139F2
                                                                              • Part of subcall function 007B6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,007CCF58,?,?,?), ref: 007B6DBA
                                                                              • Part of subcall function 007B6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,007CCF58,?,?,?), ref: 007B6DED
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                            • String ID:
                                                                            • API String ID: 1923757996-0
                                                                            • Opcode ID: 4eebfdf1abf936de8f9db1d45a0fc00a3b2e52c0591a44ac401cbef1fbf1ca4f
                                                                            • Instruction ID: a91da524c14d3de9e1775de7390000fda70d04a2ea3ebf8fcd2f2a43937bb32b
                                                                            • Opcode Fuzzy Hash: 4eebfdf1abf936de8f9db1d45a0fc00a3b2e52c0591a44ac401cbef1fbf1ca4f
                                                                            • Instruction Fuzzy Hash: CAA1CE30204340AFC724DB24C889F6ABBA5FFC5718F54895CF5569B2A2CB75ED42CB92
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007D82D9,007D82D9,?,?,?,007E644F,00000001,00000001,8BE85006), ref: 007E6258
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007E644F,00000001,00000001,8BE85006,?,?,?), ref: 007E62DE
                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007E63D8
                                                                            • __freea.LIBCMT ref: 007E63E5
                                                                              • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                            • __freea.LIBCMT ref: 007E63EE
                                                                            • __freea.LIBCMT ref: 007E6413
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1414292761-0
                                                                            • Opcode ID: 9402296ca708fc4792ad87e211bd88c132335c43ffb9a3d687f62096d0bfe413
                                                                            • Instruction ID: 156c82dfe7b9aa2514b5020d008673c770ba74f8bdd7a0ea57b22a5bbd12d1d8
                                                                            • Opcode Fuzzy Hash: 9402296ca708fc4792ad87e211bd88c132335c43ffb9a3d687f62096d0bfe413
                                                                            • Instruction Fuzzy Hash: 7E510472602296ABDB258F66CC85EBF77A9EF58790F144629FD05D7180EB38DC40C6A0
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BCCA
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BD25
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0083BD6A
                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0083BD99
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0083BDF3
                                                                            • RegCloseKey.ADVAPI32(?), ref: 0083BDFF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                            • String ID:
                                                                            • API String ID: 1120388591-0
                                                                            • Opcode ID: ca870c8a068ea850fdccf6525713b15c595d9a4ff4f10a131849780150bf1f34
                                                                            • Instruction ID: 2a2830a9a89c550ffab2c42ac810b7802420bb4711ecf27d7a727d71da4d3fae
                                                                            • Opcode Fuzzy Hash: ca870c8a068ea850fdccf6525713b15c595d9a4ff4f10a131849780150bf1f34
                                                                            • Instruction Fuzzy Hash: 7281A070208241EFD714DF24C895E6ABBE5FF84308F14895DF6598B2A2DB31ED45CB92
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000035), ref: 0080F7B9
                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0080F860
                                                                            • VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F889
                                                                            • VariantClear.OLEAUT32(0080FA64), ref: 0080F8AD
                                                                            • VariantCopy.OLEAUT32(0080FA64,00000000), ref: 0080F8B1
                                                                            • VariantClear.OLEAUT32(?), ref: 0080F8BB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                            • String ID:
                                                                            • API String ID: 3859894641-0
                                                                            • Opcode ID: c0daa87be509465dc15cb7dc44de345f60b467517157a08ccb9cd5abaf162445
                                                                            • Instruction ID: 4b932705aeb3ec34ec0f726314d81d7ebfaa5aede649a36723e624c1718585a2
                                                                            • Opcode Fuzzy Hash: c0daa87be509465dc15cb7dc44de345f60b467517157a08ccb9cd5abaf162445
                                                                            • Instruction Fuzzy Hash: E7511731600314EADFB0AB65DC95B69B7A8FF45314B20C42AEA02DF6D3D7748C40C796
                                                                            APIs
                                                                              • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 008294E5
                                                                            • _wcslen.LIBCMT ref: 00829506
                                                                            • _wcslen.LIBCMT ref: 0082952D
                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00829585
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                            • String ID: X
                                                                            • API String ID: 83654149-3081909835
                                                                            • Opcode ID: 9485bcc7ac1a8acc7fd18ff802b66d8be47f5078eb84f1a6b5cede8c1c77c6c4
                                                                            • Instruction ID: 2fbcf54583fa761b377acb6f7820c5eccfc9df1326cc8bcf9d45b17c50c0e9f8
                                                                            • Opcode Fuzzy Hash: 9485bcc7ac1a8acc7fd18ff802b66d8be47f5078eb84f1a6b5cede8c1c77c6c4
                                                                            • Instruction Fuzzy Hash: 71E1AE31604310DFC724EF24D889BAAB7E4FF84314F14896DE9999B2A2DB34DD45CB92
                                                                            APIs
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            • BeginPaint.USER32(?,?,?), ref: 007C9241
                                                                            • GetWindowRect.USER32(?,?), ref: 007C92A5
                                                                            • ScreenToClient.USER32(?,?), ref: 007C92C2
                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007C92D3
                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 007C9321
                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008071EA
                                                                              • Part of subcall function 007C9339: BeginPath.GDI32(00000000), ref: 007C9357
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                            • String ID:
                                                                            • API String ID: 3050599898-0
                                                                            • Opcode ID: e331c05b1789766830afaba4f11a83c2b7602612c1e4d8683a46b1080adbbe3f
                                                                            • Instruction ID: ac66086d4325e7e2a011fe797acfbd339b212d36ffc8b43932e60ec032e0dff3
                                                                            • Opcode Fuzzy Hash: e331c05b1789766830afaba4f11a83c2b7602612c1e4d8683a46b1080adbbe3f
                                                                            • Instruction Fuzzy Hash: 1E418C70505201EFDB51DF28CC88FAA7BA8FB56320F14066DFA95C72E1CB35A846DB61
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 0082080C
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00820847
                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00820863
                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 008208DC
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008208F3
                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00820921
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3368777196-0
                                                                            • Opcode ID: 7d0ce0ab9e20f6e0f3d5c86711fc7bb73abc4e2c24b16ddb4b8683cafb48649b
                                                                            • Instruction ID: 05cd6cd3e21b83c3ee9e1bfccf5d61e33f8d31a31e4c79350daf2c97486b4793
                                                                            • Opcode Fuzzy Hash: 7d0ce0ab9e20f6e0f3d5c86711fc7bb73abc4e2c24b16ddb4b8683cafb48649b
                                                                            • Instruction Fuzzy Hash: F6416B71900215EBDF14AF64DC89A6A77B9FF04300F1440A9ED04DA297DB74DEA1DFA4
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0080F3AB,00000000,?,?,00000000,?,0080682C,00000004,00000000,00000000), ref: 0084824C
                                                                            • EnableWindow.USER32(?,00000000), ref: 00848272
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 008482D1
                                                                            • ShowWindow.USER32(?,00000004), ref: 008482E5
                                                                            • EnableWindow.USER32(?,00000001), ref: 0084830B
                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0084832F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 642888154-0
                                                                            • Opcode ID: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
                                                                            • Instruction ID: 560e613173ccbea6f468740666c0c89179e7c25fd6238db91fbc56e709dabd04
                                                                            • Opcode Fuzzy Hash: d34b490438f3b770e3ca7d68df8556ec132c2bfecfd2a476fa43e1cda6e6b118
                                                                            • Instruction Fuzzy Hash: BB41A534601658EFDF51CF29CC99BE87BE5FB0A714F185269E5188B262CB71AC41CB50
                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 00814C95
                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00814CB2
                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00814CEA
                                                                            • _wcslen.LIBCMT ref: 00814D08
                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00814D10
                                                                            • _wcsstr.LIBVCRUNTIME ref: 00814D1A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                            • String ID:
                                                                            • API String ID: 72514467-0
                                                                            • Opcode ID: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
                                                                            • Instruction ID: dafa1353e084389a723a73f2631bd3020530227d14f701c609522a2e58ba2d6b
                                                                            • Opcode Fuzzy Hash: 3564b8b54709cf5a26147709583640c375eae3186e9a79249835ddfb1a1fd464
                                                                            • Instruction Fuzzy Hash: 9E213876205204BBEB555B39EC09EBB7BACEF45750F10907EF809CA192EA75DC81D2A0
                                                                            APIs
                                                                              • Part of subcall function 007B3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B3A97,?,?,007B2E7F,?,?,?,00000000), ref: 007B3AC2
                                                                            • _wcslen.LIBCMT ref: 0082587B
                                                                            • CoInitialize.OLE32(00000000), ref: 00825995
                                                                            • CoCreateInstance.OLE32(0084FCF8,00000000,00000001,0084FB68,?), ref: 008259AE
                                                                            • CoUninitialize.OLE32 ref: 008259CC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 3172280962-24824748
                                                                            • Opcode ID: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
                                                                            • Instruction ID: 3aa551f535abcae5cf4e8a6e1f23ddd9778886301623694da6f0f7d8d77352cb
                                                                            • Opcode Fuzzy Hash: f07f93dbc57686f00b6ebbb5e2df5cd26396f75515e79a0778075418720a209a
                                                                            • Instruction Fuzzy Hash: 6CD15071608611DFC714DF24D488A6ABBE5FF89720F148859F88ADB361DB31EC85CB92
                                                                            APIs
                                                                              • Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
                                                                              • Part of subcall function 00810FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
                                                                              • Part of subcall function 00810FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
                                                                              • Part of subcall function 00810FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
                                                                              • Part of subcall function 00810FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002
                                                                            • GetLengthSid.ADVAPI32(?,00000000,00811335), ref: 008117AE
                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008117BA
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 008117C1
                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 008117DA
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00811335), ref: 008117EE
                                                                            • HeapFree.KERNEL32(00000000), ref: 008117F5
                                                                            Similarity
                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                            • String ID:
                                                                            • API String ID: 3008561057-0
                                                                            • Opcode ID: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
                                                                            • Instruction ID: 1791a53b9c0f37753701697067b9e25a0c276fe39f103af1701c0a300f2c51dc
                                                                            • Opcode Fuzzy Hash: 43388ad88ae111a0e3ddeab9fe74fcf3b32928b59066d5211acfefd5fbdad174
                                                                            • Instruction Fuzzy Hash: BB118636602609EBDF109FA4CC49FEE7BADFF42359F104818E581E7294C736A980CB60
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008114FF
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00811506
                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00811515
                                                                            • CloseHandle.KERNEL32(00000004), ref: 00811520
                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0081154F
                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00811563
                                                                            Similarity
                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                            • String ID:
                                                                            • API String ID: 1413079979-0
                                                                            • Opcode ID: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
                                                                            • Instruction ID: befebe8f913ca5f7072692a5b3c4c8e4d74bc3703ab63a3da87fb2a367805a30
                                                                            • Opcode Fuzzy Hash: a206740ca971809b4b692bdef07b1e2c230afe89498ca4c7da505547bb625867
                                                                            • Instruction Fuzzy Hash: BC11297660220DABDF118F98DD49FDE7BAEFF49744F044015FA05A2160C3758EA0DB61
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,007D3379,007D2FE5), ref: 007D3390
                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007D339E
                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007D33B7
                                                                            • SetLastError.KERNEL32(00000000,?,007D3379,007D2FE5), ref: 007D3409
                                                                            Similarity
                                                                            • API ID: ErrorLastValue___vcrt_
                                                                            • String ID:
                                                                            • API String ID: 3852720340-0
                                                                            • Opcode ID: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
                                                                            • Instruction ID: 5a2af98d07fef3641b7fd9a02d44239554d3a57a71ada4ed1d44270af326a66c
                                                                            • Opcode Fuzzy Hash: 70e49fe5c61183378dc5af9fa03b35a25b56d7f2a5985bd5c2fd3d1a2ca4324b
                                                                            • Instruction Fuzzy Hash: 3D012432209711FEAA242BB4BC8D5262AB8FB05379320022FF414963F1EF198D819186
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,007E5686,007F3CD6,?,00000000,?,007E5B6A,?,?,?,?,?,007DE6D1,?,00878A48), ref: 007E2D78
                                                                            • _free.LIBCMT ref: 007E2DAB
                                                                            • _free.LIBCMT ref: 007E2DD3
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DE0
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,007DE6D1,?,00878A48,00000010,007B4F4A,?,?,00000000,007F3CD6), ref: 007E2DEC
                                                                            • _abort.LIBCMT ref: 007E2DF2
                                                                            Similarity
                                                                            • API ID: ErrorLast$_free$_abort
                                                                            • String ID:
                                                                            • API String ID: 3160817290-0
                                                                            • Opcode ID: 30691485b4a6b20d126be4be2b8801a9c5ac44aa787ae20c930edb3673c64dcb
                                                                            • Instruction ID: dcd59a9627bac9f6fcdb89895675d94b15d61b2987c9438e7278907d289b71f5
                                                                            • Opcode Fuzzy Hash: 30691485b4a6b20d126be4be2b8801a9c5ac44aa787ae20c930edb3673c64dcb
                                                                            • Instruction Fuzzy Hash: 8DF0F935607580B7C25267376C0EA1A265DBBCA7A4F314119F624D32A3EE2C88034160
                                                                            APIs
                                                                              • Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
                                                                              • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
                                                                              • Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
                                                                              • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2
                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00848A4E
                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 00848A62
                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00848A70
                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 00848A80
                                                                            • EndPath.GDI32(?), ref: 00848A90
                                                                            • StrokePath.GDI32(?), ref: 00848AA0
                                                                            Similarity
                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                            • String ID:
                                                                            • API String ID: 43455801-0
                                                                            • Opcode ID: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
                                                                            • Instruction ID: 6fc316a5b477960c6d52a3f73b5bf95c4b115089fbf2906a7f119267e4524209
                                                                            • Opcode Fuzzy Hash: 3d321a40a4a2f199871ad92441e7804a5175939dfea7f1ba3df9303118f39fef
                                                                            • Instruction Fuzzy Hash: F411057600111CFFEF129F94DC88EAA7F6CFB09394F048022FA199A1A1C771AD55DBA0
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 00815218
                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00815229
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00815230
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00815238
                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0081524F
                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00815261
                                                                            Similarity
                                                                            • API ID: CapsDevice$Release
                                                                            • String ID:
                                                                            • API String ID: 1035833867-0
                                                                            • Opcode ID: 2b35a14a6b9404fa82cd2ee3cf8cede32e987296bda9735f90f77c51db30cb75
                                                                            • Instruction ID: 26fcf05aff55e071b714a06cb8017ff89b591e320e8addc1cc98217dd0ef9d72
                                                                            • Opcode Fuzzy Hash: 2b35a14a6b9404fa82cd2ee3cf8cede32e987296bda9735f90f77c51db30cb75
                                                                            • Instruction Fuzzy Hash: B1014F75A01719BBEB109BA69C49A5EBFBCFF49751F048066FA04E7291DA709800CFA0
                                                                            APIs
                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 007B1BF4
                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 007B1BFC
                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 007B1C07
                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 007B1C12
                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 007B1C1A
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 007B1C22
                                                                            Similarity
                                                                            • API ID: Virtual
                                                                            • String ID:
                                                                            • API String ID: 4278518827-0
                                                                            • Opcode ID: 63b053ac44c51eae03ab861f12dd4979592de3ca2760f43d626d9661ffc6f3f0
                                                                            • Instruction ID: 3f8686ace90b27130a065b1dffd0cc3d05dc5a0dd8acd1c2a841b472654460b8
                                                                            • Opcode Fuzzy Hash: 63b053ac44c51eae03ab861f12dd4979592de3ca2760f43d626d9661ffc6f3f0
                                                                            • Instruction Fuzzy Hash: B10167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CFE5
                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0081EB30
                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0081EB46
                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0081EB55
                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB64
                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB6E
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0081EB75
                                                                            Similarity
                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 839392675-0
                                                                            • Opcode ID: e66797af8c43b99b37343f043edbcd3cdcb46727e616ce3037a06bf5ea47335d
                                                                            • Instruction ID: 901d6b6c9596cd258f93bb76504fc56fc0e80b314647739ba9a3f5df6893303c
                                                                            • Opcode Fuzzy Hash: e66797af8c43b99b37343f043edbcd3cdcb46727e616ce3037a06bf5ea47335d
                                                                            • Instruction Fuzzy Hash: D1F0BEBA202158BBE7605B629C0EEEF3E7CFFCBB11F004158FA02E1090D7A01A01C6B4
                                                                            APIs
                                                                            • GetClientRect.USER32(?), ref: 00807452
                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00807469
                                                                            • GetWindowDC.USER32(?), ref: 00807475
                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00807484
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00807496
                                                                            • GetSysColor.USER32(00000005), ref: 008074B0
                                                                            Similarity
                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                            • String ID:
                                                                            • API String ID: 272304278-0
                                                                            APIs
                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0081187F
                                                                            • UnloadUserProfile.USERENV(?,?), ref: 0081188B
                                                                            • CloseHandle.KERNEL32(?), ref: 00811894
                                                                            • CloseHandle.KERNEL32(?), ref: 0081189C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 008118A5
                                                                            • HeapFree.KERNEL32(00000000), ref: 008118AC
                                                                            Similarity
                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                            • String ID:
                                                                            • API String ID: 146765662-0
                                                                            APIs
                                                                              • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C6EE
                                                                            • _wcslen.LIBCMT ref: 0081C735
                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0081C79C
                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0081C7CA
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                            • String ID: 0
                                                                            • API String ID: 1227352736-4108050209
                                                                            APIs
                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00817206
                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0081723C
                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0081724D
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008172CF
                                                                            Similarity
                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                            • String ID: DllGetClassObject
                                                                            • API String ID: 753597075-1075368562
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00843E35
                                                                            • IsMenu.USER32(?), ref: 00843E4A
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00843E92
                                                                            • DrawMenuBar.USER32 ref: 00843EA5
                                                                            Similarity
                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                            • String ID: 0
                                                                            • API String ID: 3076010158-4108050209
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00811E66
                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00811E79
                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00811EA9
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 2081771294-1403004172
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                            • API String ID: 176396367-4004644295
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00842F8D
                                                                            • LoadLibraryW.KERNEL32(?), ref: 00842F94
                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00842FA9
                                                                            • DestroyWindow.USER32(?), ref: 00842FB1
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                            • String ID: SysAnimate32
                                                                            • API String ID: 3529120543-1011021900
                                                                            APIs
                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002), ref: 007D4D8D
                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007D4DA0
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,007D4D1E,007E28E9,?,007D4CBE,007E28E9,008788B8,0000000C,007D4E15,007E28E9,00000002,00000000), ref: 007D4DC3
                                                                            Similarity
                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                            • API String ID: 4061214504-1276376045
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32 ref: 0080D3AD
                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0080D3BF
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0080D3E5
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                            • API String ID: 145871493-2590602151
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E9C
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4EAE
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,007B4EDD,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4EC0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-3689287502
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E62
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4E74
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,007F3CDE,?,00881418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 007B4E87
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-1355242751
                                                                            APIs
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822C05
                                                                            • DeleteFileW.KERNEL32(?), ref: 00822C87
                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00822C9D
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CAE
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00822CC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: File$Delete$Copy
                                                                            • String ID:
                                                                            • API String ID: 3226157194-0
                                                                            APIs
                                                                            • GetCurrentProcessId.KERNEL32 ref: 0083A427
                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0083A435
                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0083A468
                                                                            • CloseHandle.KERNEL32(?), ref: 0083A63D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 3488606520-0
                                                                            APIs
                                                                              • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0081CF22,?), ref: 0081DDFD
                                                                              • Part of subcall function 0081DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0081CF22,?), ref: 0081DE16
                                                                              • Part of subcall function 0081E199: GetFileAttributesW.KERNEL32(?,0081CF95), ref: 0081E19A
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0081E473
                                                                            • MoveFileW.KERNEL32(?,?), ref: 0081E4AC
                                                                            • _wcslen.LIBCMT ref: 0081E5EB
                                                                            • _wcslen.LIBCMT ref: 0081E603
                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0081E650
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3183298772-0
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 0083C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083B6AE,?,?), ref: 0083C9B5
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083C9F1
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA68
                                                                              • Part of subcall function 0083C998: _wcslen.LIBCMT ref: 0083CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0083BAA5
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0083BB00
                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0083BB63
                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 0083BBA6
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0083BBB3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 826366716-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 00818BCD
                                                                            • VariantClear.OLEAUT32 ref: 00818C3E
                                                                            • VariantClear.OLEAUT32 ref: 00818C9D
                                                                            • VariantClear.OLEAUT32(?), ref: 00818D10
                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00818D3B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                            • String ID:
                                                                            • API String ID: 4136290138-0
                                                                            APIs
                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00828BAE
                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00828BDA
                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00828C32
                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00828C57
                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00828C5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                            • String ID:
                                                                            • API String ID: 2832842796-0
                                                                            APIs
                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00838F40
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00838FD0
                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00838FEC
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00839032
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00839052
                                                                              • Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00821043,?,753CE610), ref: 007CF6E6
                                                                              • Part of subcall function 007CF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0080FA64,00000000,00000000,?,?,00821043,?,753CE610,?,0080FA64), ref: 007CF70D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                            • String ID:
                                                                            • API String ID: 666041331-0
                                                                            APIs
                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00846C33
                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00846C4A
                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00846C73
                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0082AB79,00000000,00000000), ref: 00846C98
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00846CC7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Long$MessageSendShow
                                                                            • String ID:
                                                                            • API String ID: 3688381893-0
                                                                            • Opcode ID: 0bd301e41e89acbcd5a0d1cf7fe45fc9cea840b2b52f67f29b0494202971e972
                                                                            • Instruction ID: bf290d726349df6672adf69598dc108a22ab4fab9ab384f58dcfef6a0b400646
                                                                            • Opcode Fuzzy Hash: 0bd301e41e89acbcd5a0d1cf7fe45fc9cea840b2b52f67f29b0494202971e972
                                                                            • Instruction Fuzzy Hash: EB41D935A0410CAFD724CF68CC98FA57BA9FB0B364F150258F895D72E0E771AD61DA41
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            • Opcode ID: 0eb78f96a2d8b70f85663c875dd3ea4a588c74c1f7e835f28c071646dbfae687
                                                                            • Instruction ID: a2ace22b2959035da55e73dfb98ff87d8fb33481e20233f5ce4637c4b0a496d2
                                                                            • Opcode Fuzzy Hash: 0eb78f96a2d8b70f85663c875dd3ea4a588c74c1f7e835f28c071646dbfae687
                                                                            • Instruction Fuzzy Hash: FB41E232A01204DFCB24DF79C885A5DB3B9EF89310F1545ADE515EB392EA35EE02CB80
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 007C9141
                                                                            • ScreenToClient.USER32(00000000,?), ref: 007C915E
                                                                            • GetAsyncKeyState.USER32(00000001), ref: 007C9183
                                                                            • GetAsyncKeyState.USER32(00000002), ref: 007C919D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                            • String ID:
                                                                            • API String ID: 4210589936-0
                                                                            • Opcode ID: c7a1f87ea00286cef786fa22f82dcbcdb86e55a9ef9ba07dfde3bf59a246bcbc
                                                                            • Instruction ID: 53753f3889a0405dc13dd51329f2ab2f2b46feab1224bd42bfdc1a860809580f
                                                                            • Opcode Fuzzy Hash: c7a1f87ea00286cef786fa22f82dcbcdb86e55a9ef9ba07dfde3bf59a246bcbc
                                                                            • Instruction Fuzzy Hash: 0C416C31A0860AFBDF559F68C849BEEB774FB05324F248229E529A32E0C7346950CB91
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 008238CB
                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00823922
                                                                            • TranslateMessage.USER32(?), ref: 0082394B
                                                                            • DispatchMessageW.USER32(?), ref: 00823955
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00823966
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                            • String ID:
                                                                            • API String ID: 2256411358-0
                                                                            • Opcode ID: 4894f866e29422d1f4e86404c3d0eb82b22f019ffc277909dcf7b52d18bac3a0
                                                                            • Instruction ID: 83b34daef70e1c388b4c92db7a439930e9093cfff362392c97868da0fd45ed9a
                                                                            • Opcode Fuzzy Hash: 4894f866e29422d1f4e86404c3d0eb82b22f019ffc277909dcf7b52d18bac3a0
                                                                            • Instruction Fuzzy Hash: 6831C6709043659EEF25CB38A869BB67FACFB07304F04056DE462D65A0E7BCA6C5CB11
                                                                            APIs
                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0082CF38
                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 0082CF6F
                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFB4
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFC8
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,0082C21E,00000000), ref: 0082CFF2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                            • String ID:
                                                                            • API String ID: 3191363074-0
                                                                            • Opcode ID: 4101f05bc9bef8b04cb31701f682e2626987dc3601f44185d5e31de2c06d7a4e
                                                                            • Instruction ID: bc3f59297ca6893e6a1530d6481a83bac904f5691e828558d9d1594bb90b8d49
                                                                            • Opcode Fuzzy Hash: 4101f05bc9bef8b04cb31701f682e2626987dc3601f44185d5e31de2c06d7a4e
                                                                            • Instruction Fuzzy Hash: 12314C71600615EFDB20DFA5E984ABFBBFAFB15354B10442EF516D2150DBB0AE80DB60
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 00811915
                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 008119C1
                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 008119C9
                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 008119DA
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 008119E2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePostSleep$RectWindow
                                                                            • String ID:
                                                                            • API String ID: 3382505437-0
                                                                            • Opcode ID: 9ac17af2adc12d955f4c2c8da24d0e2a6d1db0afabe856773213eb118223bd26
                                                                            • Instruction ID: 53003239f63097f18dc77db06ff1d4ddf5325693e3a1fbcb74e5d9ae406b500b
                                                                            • Opcode Fuzzy Hash: 9ac17af2adc12d955f4c2c8da24d0e2a6d1db0afabe856773213eb118223bd26
                                                                            • Instruction Fuzzy Hash: 40318A75A00219AFCB00CFA8C999ADE3BB9FF05315F108229FA21E72D1C7709984CB91
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00845745
                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 0084579D
                                                                            • _wcslen.LIBCMT ref: 008457AF
                                                                            • _wcslen.LIBCMT ref: 008457BA
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen
                                                                            • String ID:
                                                                            • API String ID: 763830540-0
                                                                            • Opcode ID: 1dd6da03817f53a8a0e6af1bad776a351c0ddc6e953d428ac5c19a5d563f32e6
                                                                            • Instruction ID: fa9c51b16bf1c031e6374f46f664e51548d8e4c4e0cd00c7353d73df8f0b3b50
                                                                            • Opcode Fuzzy Hash: 1dd6da03817f53a8a0e6af1bad776a351c0ddc6e953d428ac5c19a5d563f32e6
                                                                            • Instruction Fuzzy Hash: 7C21A57590461CEBDB209F64CC85AEE7BBCFF15328F108226E929EA181D7709985CF50
                                                                            APIs
                                                                            • GetSysColor.USER32(00000008), ref: 007C98CC
                                                                            • SetTextColor.GDI32(?,?), ref: 007C98D6
                                                                            • SetBkMode.GDI32(?,00000001), ref: 007C98E9
                                                                            • GetStockObject.GDI32(00000005), ref: 007C98F1
                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 007C9952
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Color$LongModeObjectStockTextWindow
                                                                            • String ID:
                                                                            • API String ID: 1860813098-0
                                                                            • Opcode ID: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
                                                                            • Instruction ID: 459d8688670ddd7a197c83ef38b021c48ac8ab32e0af3e4620f31a56cfac5fce
                                                                            • Opcode Fuzzy Hash: c4ed082e7e131905690d74d6f5a63ff9b4ed92afd4dc3dd7b5dcfad2ffd47669
                                                                            • Instruction Fuzzy Hash: DA2147314462909FCBA24F34EC5CFE53FA4AF67321F09018EE6928B1E2D7396941CB10
                                                                            APIs
                                                                            • IsWindow.USER32(00000000), ref: 00830951
                                                                            • GetForegroundWindow.USER32 ref: 00830968
                                                                            • GetDC.USER32(00000000), ref: 008309A4
                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 008309B0
                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 008309E8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ForegroundPixelRelease
                                                                            • String ID:
                                                                            • API String ID: 4156661090-0
                                                                            • Opcode ID: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
                                                                            • Instruction ID: 0aeea945fbd0d7a8874ef899441b9a99aabc184ccc356da6eecc438e4b021767
                                                                            • Opcode Fuzzy Hash: fad088969bae27dec0015164babe6d7ddea8e4be3ed3f0492359b1ebcb207726
                                                                            • Instruction Fuzzy Hash: A0219239A00214AFD714EF68D848AAEBBE9FF49700F04806DE846D7362CB74AD44CB90
                                                                            APIs
                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 007ECDC6
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007ECDE9
                                                                              • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007ECE0F
                                                                            • _free.LIBCMT ref: 007ECE22
                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007ECE31
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                            • String ID:
                                                                            • API String ID: 336800556-0
                                                                            • Opcode ID: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
                                                                            • Instruction ID: 3f4d337ff001e79b0e2f16a6c807ff4035643e2d2ce196f07aea564aa84c5f84
                                                                            • Opcode Fuzzy Hash: 33aceb5797cb3254fc29298eab8c0a9a4fcdae383b1d93a68b22f95d3662e208
                                                                            • Instruction Fuzzy Hash: 8E01847A6032957F23261ABB6C8DD7B796DEECBBA1315012DF905D7201EA698D0381B0
                                                                            APIs
                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
                                                                            • SelectObject.GDI32(?,00000000), ref: 007C96A2
                                                                            • BeginPath.GDI32(?), ref: 007C96B9
                                                                            • SelectObject.GDI32(?,00000000), ref: 007C96E2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            • Opcode ID: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
                                                                            • Instruction ID: 1c4e9ed553ffd97d0fef64e10dfb18dad075f3b0158eb04e6aff39dba5337549
                                                                            • Opcode Fuzzy Hash: b42091aa466ea46f667b2776bdd57513d1511fca4c010dcca144438f9a1a5a80
                                                                            • Instruction Fuzzy Hash: 58215B30802305EBDF519F68EC1CBA97FACBB51765F50421EF910A61F0DB78A892CB94
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            • Opcode ID: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
                                                                            • Instruction ID: 25413c5e84caaaa0e60dcf7b542649df44b55df32e25dd2d924a241bb88e8c26
                                                                            • Opcode Fuzzy Hash: c7d7e5386ca98366bc7bcdfea1c093dc8d2f8b73e55b4e78a695707d4bc12b90
                                                                            • Instruction Fuzzy Hash: 550192A564161DFAE20855109D83EFA635CFFA13A8B404425FE14DA382F664ED9086A0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,?,007DF2DE,007E3863,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6), ref: 007E2DFD
                                                                            • _free.LIBCMT ref: 007E2E32
                                                                            • _free.LIBCMT ref: 007E2E59
                                                                            • SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E66
                                                                            • SetLastError.KERNEL32(00000000,007B1129), ref: 007E2E6F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$_free
                                                                            • String ID:
                                                                            • API String ID: 3170660625-0
                                                                            • Opcode ID: df45c3b02200e14756d5238aba1600b52b08895b55219034174a70bf49f27482
                                                                            • Instruction ID: 521cf5eebcaeb6d580a6a3d346326abb610d3a6f98020daf690945c2b78d19fc
                                                                            • Opcode Fuzzy Hash: df45c3b02200e14756d5238aba1600b52b08895b55219034174a70bf49f27482
                                                                            • Instruction Fuzzy Hash: 3001F436207690A7C61227776C4ED2B265DBBCE7A5B214028F425E32A3EA2CCC034520
                                                                            APIs
                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?,?,0081035E), ref: 0081002B
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810046
                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810054
                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?), ref: 00810064
                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0080FF41,80070057,?,?), ref: 00810070
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3897988419-0
                                                                            • Opcode ID: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
                                                                            • Instruction ID: 64bdcb67ccf686346d9b879e84e4b9dc447b9c5ab1003b6c487e764d4845096f
                                                                            • Opcode Fuzzy Hash: 96e983b06c80bb4208fd40589a61af3a1b8881d834301e66dc24c616ca5249da
                                                                            • Instruction Fuzzy Hash: BE018F7A601608BFDB504F68DC04BEA7AADFF48791F144124F905D2211E7B1DE80CBA0
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0081E997
                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0081E9A5
                                                                            • Sleep.KERNEL32(00000000), ref: 0081E9AD
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0081E9B7
                                                                            • Sleep.KERNEL32 ref: 0081E9F3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                            • String ID:
                                                                            • API String ID: 2833360925-0
                                                                            • Opcode ID: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
                                                                            • Instruction ID: edec36c4912ebf244bc602849d9cdb259264adeb50844a12292837b97211c565
                                                                            • Opcode Fuzzy Hash: 5231acbe761e7f8d81d2d6ec7d405eb1b813db9adbe56b3f7e54c47b760429ce
                                                                            • Instruction Fuzzy Hash: 9201203580262DDBCF40ABA4D849AEDBF7CFF0A700F000546E902B2241DB309690CBA2
                                                                            APIs
                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00811114
                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811120
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 0081112F
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00810B9B,?,?,?), ref: 00811136
                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0081114D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 842720411-0
                                                                            • Opcode ID: cb6f4c165fb0fb4777619a384924a86f03e72a424da3677912162897220db374
                                                                            • Instruction ID: 4948babb6b55032bf9debff093acc5b7f3d2f3789d98eebd645afd4b7d59864a
                                                                            • Opcode Fuzzy Hash: cb6f4c165fb0fb4777619a384924a86f03e72a424da3677912162897220db374
                                                                            • Instruction Fuzzy Hash: 37011D79101205BFDB514FA5DC4DAAA7B6EFF86364B104419FA45D7360DA31DC40DA60
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00810FCA
                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00810FD6
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00810FE5
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00810FEC
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00811002
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            • Opcode ID: 567998ea6ecc569b2c923c110b2fb9ce9f7666ecd1e892198d061c37184415d0
                                                                            • Instruction ID: ccb2c210ecf68ee371e23e2ba8fff4d4b211dd63b5159a1e00ef72f49331ce83
                                                                            • Opcode Fuzzy Hash: 567998ea6ecc569b2c923c110b2fb9ce9f7666ecd1e892198d061c37184415d0
                                                                            • Instruction Fuzzy Hash: 62F06D39602701EBDB214FA4DC4DF963BADFF8ABA2F104415FA45C7251CA70DC80CA60
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            • Opcode ID: 7fe515ebbb15722272c67178beac765ac5fc3883313d04f2c9e8ba271953a579
                                                                            • Instruction ID: 2bcc944d465dc3453d9a31218299b08047f1b907c3da8dc3b30b59fb1ac4fd26
                                                                            • Opcode Fuzzy Hash: 7fe515ebbb15722272c67178beac765ac5fc3883313d04f2c9e8ba271953a579
                                                                            • Instruction Fuzzy Hash: 4CF06D39602701EBDB219FA5EC4DF963BADFF8A761F100415FA45C7250CA70D880CA60
                                                                            APIs
                                                                            • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820324
                                                                            • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820331
                                                                            • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082033E
                                                                            • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 0082034B
                                                                            • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820358
                                                                            • CloseHandle.KERNEL32(?,?,?,?,0082017D,?,008232FC,?,00000001,007F2592,?), ref: 00820365
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseHandle
                                                                            • String ID:
                                                                            • API String ID: 2962429428-0
                                                                            • Opcode ID: df780eb3b1c922f1286d6ed0b8409bec9e61ab02a9f457bb54375860e4e4e8bd
                                                                            • Instruction ID: 0c63a696e60e79dc9cb794e17bf8f878aa9cfbcbd47e62372855c1293170ac94
                                                                            • Opcode Fuzzy Hash: df780eb3b1c922f1286d6ed0b8409bec9e61ab02a9f457bb54375860e4e4e8bd
                                                                            • Instruction Fuzzy Hash: B101A272801B259FC7309F66E880412FBF9FF503153158A3FD19692A32C371A994CF80
                                                                            APIs
                                                                            • _free.LIBCMT ref: 007ED752
                                                                              • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                              • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                            • _free.LIBCMT ref: 007ED764
                                                                            • _free.LIBCMT ref: 007ED776
                                                                            • _free.LIBCMT ref: 007ED788
                                                                            • _free.LIBCMT ref: 007ED79A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            • Opcode ID: b69ccbe27691a6ec38b43fee12e742f1ca277f1da36e9e5f952b85330fe1c2ec
                                                                            • Instruction ID: bd6ebfb9ac73924f51d1c557277c2270fc09ce7cbed4464583d9af027d63b1f6
                                                                            • Opcode Fuzzy Hash: b69ccbe27691a6ec38b43fee12e742f1ca277f1da36e9e5f952b85330fe1c2ec
                                                                            • Instruction Fuzzy Hash: D7F01232546288AB8671EB66F9CAC1A7BDDBB4C710B951819F058E7517C73CFCC08A64
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00815C58
                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00815C6F
                                                                            • MessageBeep.USER32(00000000), ref: 00815C87
                                                                            • KillTimer.USER32(?,0000040A), ref: 00815CA3
                                                                            • EndDialog.USER32(?,00000001), ref: 00815CBD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 3741023627-0
                                                                            • Opcode ID: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
                                                                            • Instruction ID: 627e3dc209650ed2377011df1c5101c19bfdd2a64e2d2a11bb0c088bb66bd2da
                                                                            • Opcode Fuzzy Hash: 16a0ae5c4d2fb85fe2779daa1bf284a94340040d0ceeb1ee761a69c692672ea0
                                                                            • Instruction Fuzzy Hash: D6016D74501B04EBEB205F50DD5EFE677BCFF51B05F010559A692A10E1DBF4AA84CA90
                                                                            APIs
                                                                            • _free.LIBCMT ref: 007E22BE
                                                                              • Part of subcall function 007E29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000), ref: 007E29DE
                                                                              • Part of subcall function 007E29C8: GetLastError.KERNEL32(00000000,?,007ED7D1,00000000,00000000,00000000,00000000,?,007ED7F8,00000000,00000007,00000000,?,007EDBF5,00000000,00000000), ref: 007E29F0
                                                                            • _free.LIBCMT ref: 007E22D0
                                                                            • _free.LIBCMT ref: 007E22E3
                                                                            • _free.LIBCMT ref: 007E22F4
                                                                            • _free.LIBCMT ref: 007E2305
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            • Opcode ID: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
                                                                            • Instruction ID: cd97b96eb10b8c821550071798ada21c1691fc384d3c32d3a7ed59b2041cd924
                                                                            • Opcode Fuzzy Hash: 472bfd149c02a6b76c73b535e97fe7867db6861468b3eff27b41f24d0901512c
                                                                            • Instruction Fuzzy Hash: 1CF030714021548B8A22AF59BC0A8083B6CFB1C760702551AF514E72B7CB3854539FA5
                                                                            APIs
                                                                            • EndPath.GDI32(?), ref: 007C95D4
                                                                            • StrokeAndFillPath.GDI32(?,?,008071F7,00000000,?,?,?), ref: 007C95F0
                                                                            • SelectObject.GDI32(?,00000000), ref: 007C9603
                                                                            • DeleteObject.GDI32 ref: 007C9616
                                                                            • StrokePath.GDI32(?), ref: 007C9631
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                            • String ID:
                                                                            • API String ID: 2625713937-0
                                                                            • Opcode ID: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
                                                                            • Instruction ID: 1e9463c47b0783279e18cc86912bea91b78c9048441a6df0216494a48cf85610
                                                                            • Opcode Fuzzy Hash: 6eb0c816d0a68dbc80c67721d84fa3572191dbeab04b35dca851d55096734527
                                                                            • Instruction Fuzzy Hash: C7F04934006A08EBDFA65F69ED1CBA43F69BB02322F448218F525650F0DB3499A2DF20
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: __freea$_free
                                                                            • String ID: a/p$am/pm
                                                                            • API String ID: 3432400110-3206640213
                                                                            • Opcode ID: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
                                                                            • Instruction ID: 3db4e4a99945eb99a5924fc0ee9c9661e8a8a4c076818f38f0d67e60aeb86a7a
                                                                            • Opcode Fuzzy Hash: 98798344badbd48bda0d0f144e126e0b5095605fee537814fbbcf2a6dcf91ed8
                                                                            • Instruction Fuzzy Hash: 2DD11771A02285CACB249F6AC85BBFEB7B5FF0E300FA44159E6019B654D37D9D80CB91
                                                                            APIs
                                                                              • Part of subcall function 007D0242: EnterCriticalSection.KERNEL32(0088070C,00881884,?,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D024D
                                                                              • Part of subcall function 007D0242: LeaveCriticalSection.KERNEL32(0088070C,?,007C198B,00882518,?,?,?,007B12F9,00000000), ref: 007D028A
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 007D00A3: __onexit.LIBCMT ref: 007D00A9
                                                                            • __Init_thread_footer.LIBCMT ref: 00837BFB
                                                                              • Part of subcall function 007D01F8: EnterCriticalSection.KERNEL32(0088070C,?,?,007C8747,00882514), ref: 007D0202
                                                                              • Part of subcall function 007D01F8: LeaveCriticalSection.KERNEL32(0088070C,?,007C8747,00882514), ref: 007D0235
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                            • String ID: 5$G$Variable must be of type 'Object'.
                                                                            • API String ID: 535116098-3733170431
                                                                            • Opcode ID: 66a08e135c1d1e6d268eee57146bbd1769b425eb253d553f9993e53c73791bb7
                                                                            • Instruction ID: 6cad68b10ba1a0657eed0d5186ee161fd164dd21ed18c516b8b9852417ea3775
                                                                            • Opcode Fuzzy Hash: 66a08e135c1d1e6d268eee57146bbd1769b425eb253d553f9993e53c73791bb7
                                                                            • Instruction Fuzzy Hash: 65917CB0A04209EFCB24EF98D8959ADB7B1FF85304F108059F806DB292DB75EE45CB91
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: JO{
                                                                            • API String ID: 0-846867066
                                                                            • Opcode ID: db4b4780b453edcbef913ad2e4f8ff9962b886cba1727ce5e0cb94b67ae62a1b
                                                                            • Instruction ID: 79a090f00dfc20f44a4340e164f320a29d4891ace195dfdb7bcb15e5fb5ce256
                                                                            • Opcode Fuzzy Hash: db4b4780b453edcbef913ad2e4f8ff9962b886cba1727ce5e0cb94b67ae62a1b
                                                                            • Instruction Fuzzy Hash: AD51D771D0268EDFCB119FA6C849FAE7BB4BF0D318F14005AF405A72A2D6799901CB61
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 007E8B6E
                                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 007E8B7A
                                                                            • __dosmaperr.LIBCMT ref: 007E8B81
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                            • String ID: .}
                                                                            • API String ID: 2434981716-2266125135
                                                                            • Opcode ID: d46a6e18b7d10b955ebdf18155fa8791c0d367eb3b81288f56b547a0cad9b8e8
                                                                            • Instruction ID: 2bd3054b87ab96cd1e0d88641f715f099e9ff838e6c2bbe03631b14d30f6a939
                                                                            • Opcode Fuzzy Hash: d46a6e18b7d10b955ebdf18155fa8791c0d367eb3b81288f56b547a0cad9b8e8
                                                                            • Instruction Fuzzy Hash: F8417EF06051C5AFC7659F5AC880A7D7FA6EF8D304B1881AAF45D8B242DE35CC02C751
                                                                            APIs
                                                                              • Part of subcall function 0081B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121D0,?,?,00000034,00000800,?,00000034), ref: 0081B42D
                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00812760
                                                                              • Part of subcall function 0081B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0081B3F8
                                                                              • Part of subcall function 0081B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0081B355
                                                                              • Part of subcall function 0081B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B365
                                                                              • Part of subcall function 0081B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00812194,00000034,?,?,00001004,00000000,00000000), ref: 0081B37B
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008127CD
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0081281A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                            • String ID: @
                                                                            • API String ID: 4150878124-2766056989
                                                                            • Opcode ID: 1cf53c891e77df89c195903dfc5316426fe48ed5dadcc877db4e6a7f0bf23a84
                                                                            • Instruction ID: 667b42cc3c2581723e5112010567061f9352b72673e8ad9c43916afa68b1c857
                                                                            • Opcode Fuzzy Hash: 1cf53c891e77df89c195903dfc5316426fe48ed5dadcc877db4e6a7f0bf23a84
                                                                            • Instruction Fuzzy Hash: 63410E76900218AFDB10DFA8CD85ADEBBB8FF09700F108099FA55B7181DB706E95CB61
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 007E1769
                                                                            • _free.LIBCMT ref: 007E1834
                                                                            • _free.LIBCMT ref: 007E183E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$FileModuleName
                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                            • API String ID: 2506810119-1957095476
                                                                            • Opcode ID: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
                                                                            • Instruction ID: a0fd80694d2f3a71f29ce4c1abd4ed44b8140ca84823a14b1729bd03d08485c0
                                                                            • Opcode Fuzzy Hash: c60b4b2e19d71f017cd5cf9c9ca7eb3fb29e52fa69ab0629d7c72ab802417951
                                                                            • Instruction Fuzzy Hash: 9931C271A01298EFCB21DB9A9C8AD9EBBFCEF89720B504166F404D7211D7749E41CB90
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0081C306
                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 0081C34C
                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00881990,01116508), ref: 0081C395
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$Delete$InfoItem
                                                                            • String ID: 0
                                                                            • API String ID: 135850232-4108050209
                                                                            APIs
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0084CC08,00000000,?,?,?,?), ref: 008444AA
                                                                            • GetWindowLongW.USER32 ref: 008444C7
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 008444D7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID: SysTreeView32
                                                                            • API String ID: 847901565-1698111956
                                                                            APIs
                                                                              • Part of subcall function 0083335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00833077,?,?), ref: 00833378
                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0083307A
                                                                            • _wcslen.LIBCMT ref: 0083309B
                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00833106
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                            • String ID: 255.255.255.255
                                                                            • API String ID: 946324512-2422070025
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00843F40
                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00843F54
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00843F78
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Window
                                                                            • String ID: SysMonthCal32
                                                                            • API String ID: 2326795674-1439706946
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00844705
                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00844713
                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0084471A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyWindow
                                                                            • String ID: msctls_updown32
                                                                            • API String ID: 4014797782-2298589950
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                            • API String ID: 176396367-2734436370
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00843840
                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00843850
                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00843876
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$MoveWindow
                                                                            • String ID: Listbox
                                                                            • API String ID: 3315199576-2633736733
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00824A08
                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00824A5C
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,0084CC08), ref: 00824AD0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorMode$InformationVolume
                                                                            • String ID: %lu
                                                                            • API String ID: 2507767853-685833217
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0084424F
                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00844264
                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00844271
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: msctls_trackbar32
                                                                            • API String ID: 3850602802-1010561917
                                                                            APIs
                                                                              • Part of subcall function 007B6B57: _wcslen.LIBCMT ref: 007B6B6A
                                                                              • Part of subcall function 00812DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
                                                                              • Part of subcall function 00812DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
                                                                              • Part of subcall function 00812DA7: GetCurrentThreadId.KERNEL32 ref: 00812DDD
                                                                              • Part of subcall function 00812DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4
                                                                            • GetFocus.USER32 ref: 00812F78
                                                                              • Part of subcall function 00812DEE: GetParent.USER32(00000000), ref: 00812DF9
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00812FC3
                                                                            • EnumChildWindows.USER32(?,0081303B), ref: 00812FEB
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                            • String ID: %s%d
                                                                            • API String ID: 1272988791-1110647743
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458C1
                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 008458EE
                                                                            • DrawMenuBar.USER32(?), ref: 008458FD
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$InfoItem$Draw
                                                                            • String ID: 0
                                                                            • API String ID: 3227129158-4108050209
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                            • String ID:
                                                                            • API String ID: 1998397398-0
                                                                            APIs
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 008105F0
                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0084FC08,?), ref: 00810608
                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,0084CC40,000000FF,?,00000000,00000800,00000000,?,0084FC08,?), ref: 0081062D
                                                                            • _memcmp.LIBVCRUNTIME ref: 0081064E
                                                                            Similarity
                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                            • String ID:
                                                                            • API String ID: 314563124-0
                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0083A6AC
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0083A6BA
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0083A79C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 0083A7AB
                                                                              • Part of subcall function 007CCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,007F3303,?), ref: 007CCE8A
                                                                            Similarity
                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                            • String ID:
                                                                            • API String ID: 1991900642-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 008462E2
                                                                            • ScreenToClient.USER32(?,?), ref: 00846315
                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00846382
                                                                            Similarity
                                                                            • API ID: Window$ClientMoveRectScreen
                                                                            • String ID:
                                                                            • API String ID: 3880355969-0
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00831AFD
                                                                            • WSAGetLastError.WSOCK32 ref: 00831B0B
                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00831B8A
                                                                            • WSAGetLastError.WSOCK32 ref: 00831B94
                                                                            Similarity
                                                                            • API ID: ErrorLast$socket
                                                                            • String ID:
                                                                            • API String ID: 1881357543-0
                                                                            APIs
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00825783
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 008257A9
                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008257CE
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008257FA
                                                                            Similarity
                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 3321077145-0
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,007D6D71,00000000,00000000,007D82D9,?,007D82D9,?,00000001,007D6D71,?,00000001,007D82D9,007D82D9), ref: 007ED910
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007ED999
                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 007ED9AB
                                                                            • __freea.LIBCMT ref: 007ED9B4
                                                                              • Part of subcall function 007E3820: RtlAllocateHeap.NTDLL(00000000,?,00881444,?,007CFDF5,?,?,007BA976,00000010,00881440,007B13FC,?,007B13C6,?,007B1129), ref: 007E3852
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                            • String ID:
                                                                            • API String ID: 2652629310-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00845352
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00845375
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00845382
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008453A8
                                                                            Similarity
                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                            • String ID:
                                                                            • API String ID: 3340791633-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0081ABF1
                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0081AC0D
                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0081AC74
                                                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0081ACC6
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            APIs
                                                                            • ClientToScreen.USER32(?,?), ref: 0084769A
                                                                            • GetWindowRect.USER32(?,?), ref: 00847710
                                                                            • PtInRect.USER32(?,?,00848B89), ref: 00847720
                                                                            • MessageBeep.USER32(00000000), ref: 0084778C
                                                                            Similarity
                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 1352109105-0
                                                                            APIs
                                                                            • GetForegroundWindow.USER32 ref: 008416EB
                                                                              • Part of subcall function 00813A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00813A57
                                                                              • Part of subcall function 00813A3D: GetCurrentThreadId.KERNEL32 ref: 00813A5E
                                                                              • Part of subcall function 00813A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008125B3), ref: 00813A65
                                                                            • GetCaretPos.USER32(?), ref: 008416FF
                                                                            • ClientToScreen.USER32(00000000,?), ref: 0084174C
                                                                            • GetForegroundWindow.USER32 ref: 00841752
                                                                            Similarity
                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                            • String ID:
                                                                            • API String ID: 2759813231-0
                                                                            APIs
                                                                              • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                            • _wcslen.LIBCMT ref: 0081DFCB
                                                                            • _wcslen.LIBCMT ref: 0081DFE2
                                                                            • _wcslen.LIBCMT ref: 0081E00D
                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0081E018
                                                                            Similarity
                                                                            • API ID: _wcslen$ExtentPoint32Text
                                                                            • String ID:
                                                                            • API String ID: 3763101759-0
                                                                            APIs
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            • GetCursorPos.USER32(?), ref: 00849001
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00807711,?,?,?,?,?), ref: 00849016
                                                                            • GetCursorPos.USER32(?), ref: 0084905E
                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00807711,?,?,?), ref: 00849094
                                                                            Similarity
                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                            • String ID:
                                                                            • API String ID: 2864067406-0
                                                                            APIs
                                                                            • GetFileAttributesW.KERNEL32(?,0084CB68), ref: 0081D2FB
                                                                            • GetLastError.KERNEL32 ref: 0081D30A
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0081D319
                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0084CB68), ref: 0081D376
                                                                            Similarity
                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 2267087916-0
                                                                            APIs
                                                                              • Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0081102A
                                                                              • Part of subcall function 00811014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00811036
                                                                              • Part of subcall function 00811014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811045
                                                                              • Part of subcall function 00811014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0081104C
                                                                              • Part of subcall function 00811014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00811062
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008115BE
                                                                            • _memcmp.LIBVCRUNTIME ref: 008115E1
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00811617
                                                                            • HeapFree.KERNEL32(00000000), ref: 0081161E
                                                                            Similarity
                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                            • String ID:
                                                                            • API String ID: 1592001646-0
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0084280A
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842824
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00842832
                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00842840
                                                                            Similarity
                                                                            • API ID: Window$Long$AttributesLayered
                                                                            • String ID:
                                                                            • API String ID: 2169480361-0
                                                                            APIs
                                                                              • Part of subcall function 00818D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818D8C
                                                                              • Part of subcall function 00818D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00818DB2
                                                                              • Part of subcall function 00818D7D: lstrcmpiW.KERNEL32(00000000,?,0081790A,?,000000FF,?,00818754,00000000,?,0000001C,?,?), ref: 00818DE3
                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817923
                                                                            • lstrcpyW.KERNEL32(00000000,?), ref: 00817949
                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00818754,00000000,?,0000001C,?,?,00000000), ref: 00817984
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                            • String ID: cdecl
                                                                            • API String ID: 4031866154-3896280584
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00847D0B
                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00847D2A
                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00847D42
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0082B7AD,00000000), ref: 00847D6B
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID:
                                                                            • API String ID: 847901565-0
                                                                            • Opcode ID: c050399ff5e834137a3bcc14b2a59bbf8e53bebd721d06c56e078df5a18b5a02
                                                                            • Instruction ID: 87094aa5715eee062c8cb7f1d4169a6ab2205526acabfd8d8aded194f60d2b02
                                                                            • Opcode Fuzzy Hash: c050399ff5e834137a3bcc14b2a59bbf8e53bebd721d06c56e078df5a18b5a02
                                                                            • Instruction Fuzzy Hash: DC117235615619AFCB109F68CC08B6A3BA9FF46360B158728F939D72F0E7349D51CB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 008456BB
                                                                            • _wcslen.LIBCMT ref: 008456CD
                                                                            • _wcslen.LIBCMT ref: 008456D8
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00845816
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend_wcslen
                                                                            • String ID:
                                                                            • API String ID: 455545452-0
                                                                            • Opcode ID: 0e4d1f276634818fcb86b1a879e1d557200c8c2cdf8c1fb243c237ff707999ff
                                                                            • Instruction ID: 3484552f2f3c67d321c276cb60f82bb38d1ce680c39090847b957b44be3e2dbf
                                                                            • Opcode Fuzzy Hash: 0e4d1f276634818fcb86b1a879e1d557200c8c2cdf8c1fb243c237ff707999ff
                                                                            • Instruction Fuzzy Hash: 9111D67560060CA7DF209F65DC85AEE7B7CFF11768B104026F915D6182EB74D984CB64
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a274c5cf5801c76e1aa9d3645680ea80ecbe37bb4d67c34d36d2e2504d840e92
                                                                            • Instruction ID: fe290e7e2c72f60db6776a24b9c03c6fedfcdf2f563bb5cfae85e83dbc079d88
                                                                            • Opcode Fuzzy Hash: a274c5cf5801c76e1aa9d3645680ea80ecbe37bb4d67c34d36d2e2504d840e92
                                                                            • Instruction Fuzzy Hash: 880126B230768A7EF620567A6CC6F27261CEF893B8F710325F520611D2DB788C008230
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00811A47
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A59
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A6F
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00811A8A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            • Opcode ID: fbab5c9d7572e63aaca50371be4c4583fe74d3473cbe7cff835f32adddc45524
                                                                            • Instruction ID: c4ce0156bd020ed29fc44fdca4a23a53a34c0b2258e02c5a40e9d9a51a564818
                                                                            • Opcode Fuzzy Hash: fbab5c9d7572e63aaca50371be4c4583fe74d3473cbe7cff835f32adddc45524
                                                                            • Instruction Fuzzy Hash: 3811157A901229FFEF109BA48985FADBB78FF08750F200091EA00B7290D6716E50DB94
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0081E1FD
                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 0081E230
                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0081E246
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0081E24D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                            • String ID:
                                                                            • API String ID: 2880819207-0
                                                                            • Opcode ID: f93c5fd011f796ec07efb20c578a342a3d16b6d9f3852c41420741f68444ab7d
                                                                            • Instruction ID: 5ed4ae3820332df490a8b6845d92a328e42ffdddab12b8037817139b0a97c0fd
                                                                            • Opcode Fuzzy Hash: f93c5fd011f796ec07efb20c578a342a3d16b6d9f3852c41420741f68444ab7d
                                                                            • Instruction Fuzzy Hash: 4511A176A04258ABCB119FACAC09ADA7BACFF46320F144255F925E3391D7B49D4487A0
                                                                            APIs
                                                                            • CreateThread.KERNEL32(00000000,?,007DCFF9,00000000,00000004,00000000), ref: 007DD218
                                                                            • GetLastError.KERNEL32 ref: 007DD224
                                                                            • __dosmaperr.LIBCMT ref: 007DD22B
                                                                            • ResumeThread.KERNEL32(00000000), ref: 007DD249
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                            • String ID:
                                                                            • API String ID: 173952441-0
                                                                            • Opcode ID: 352b6130a77ccbddf48526a7e6c906f66062611a2b1cc07181f9c0b731c8a6d0
                                                                            • Instruction ID: e6c4c804c30b0d03289cef334efb6de2e75e4b90f32bfcfe37204c785bc332aa
                                                                            • Opcode Fuzzy Hash: 352b6130a77ccbddf48526a7e6c906f66062611a2b1cc07181f9c0b731c8a6d0
                                                                            • Instruction Fuzzy Hash: 7E01D236806208BBCB215BA5DC09BAE7A7DFF82330F10021BF925923D0DB799D01C6A0
                                                                            APIs
                                                                              • Part of subcall function 007C9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 007C9BB2
                                                                            • GetClientRect.USER32(?,?), ref: 00849F31
                                                                            • GetCursorPos.USER32(?), ref: 00849F3B
                                                                            • ScreenToClient.USER32(?,?), ref: 00849F46
                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00849F7A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 4127811313-0
                                                                            • Opcode ID: 680494a3136c8c5fcfdb74acc64cad369d0280f335facc23a24a5b0c55ed1445
                                                                            • Instruction ID: 5cafb044af27647778c73202dd575c9ba5e31d02f2852246e480be5465c7f854
                                                                            • Opcode Fuzzy Hash: 680494a3136c8c5fcfdb74acc64cad369d0280f335facc23a24a5b0c55ed1445
                                                                            • Instruction Fuzzy Hash: 9811363690111EABDB20DFA8D8499EE77BCFB46311F000455F941E3140DB34BE86CBA1
                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
                                                                            • GetStockObject.GDI32(00000011), ref: 007B6060
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                            • String ID:
                                                                            • API String ID: 3970641297-0
                                                                            • Opcode ID: 045f1a72f3a26d05369785865b7cb313a5ddb26b8ebb23e05a574f5b3063e17a
                                                                            • Instruction ID: 3309361e98cc23b9cd5a51cf7ca7c9fe72dea1382fae584b3c3a91f7236cf04a
                                                                            • Opcode Fuzzy Hash: 045f1a72f3a26d05369785865b7cb313a5ddb26b8ebb23e05a574f5b3063e17a
                                                                            • Instruction Fuzzy Hash: 6D115B72502508BFEF529FA59C44EFABBADFF197A4F040216FB1452120D73A9C60DBA0
                                                                            APIs
                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 007D3B56
                                                                              • Part of subcall function 007D3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 007D3AD2
                                                                              • Part of subcall function 007D3AA3: ___AdjustPointer.LIBCMT ref: 007D3AED
                                                                            • _UnwindNestedFrames.LIBCMT ref: 007D3B6B
                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 007D3B7C
                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 007D3BA4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                            • String ID:
                                                                            • API String ID: 737400349-0
                                                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                            • Instruction ID: cce51fc8d84b2eb94deed27e5dbd3e9b0634cff22a8469cc805a35ee2300c8b5
                                                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                            • Instruction Fuzzy Hash: 0C012D72100148BBDF115F95CC46DEB3F7AEF48754F04401AFE4856221C73AE961DBA1
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,007B13C6,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue), ref: 007E30A5
                                                                            • GetLastError.KERNEL32(?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000,00000364,?,007E2E46), ref: 007E30B1
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007E301A,007B13C6,00000000,00000000,00000000,?,007E328B,00000006,FlsSetValue,00852290,FlsSetValue,00000000), ref: 007E30BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 3177248105-0
                                                                            • Opcode ID: 21b25d95abe8e4727473bc62f650161a6e36fb394b710fd07915f4c96f78dbe8
                                                                            • Instruction ID: ffe4ef273f0a4e12a9df7f7297eb37be5b9a71668a13bdf0df0555b1d2048d34
                                                                            • Opcode Fuzzy Hash: 21b25d95abe8e4727473bc62f650161a6e36fb394b710fd07915f4c96f78dbe8
                                                                            • Instruction Fuzzy Hash: 1601F736303266ABCB718B7A9C4CA677B9EBF4AB61B200720F905E3140C729D901C6E0
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0081747F
                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00817497
                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008174AC
                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008174CA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                            • String ID:
                                                                            • API String ID: 1352324309-0
                                                                            • Opcode ID: 650b28fb4d1f4606f36a3286b1f94754efeb9c36d5742fb40b42ceb42fb32aae
                                                                            • Instruction ID: 075e860acb4a582f8c5229e99f74c871f2bc8db29abf888d9e46979e1510225f
                                                                            • Opcode Fuzzy Hash: 650b28fb4d1f4606f36a3286b1f94754efeb9c36d5742fb40b42ceb42fb32aae
                                                                            • Instruction Fuzzy Hash: 99118BB9206315ABE7208F18DD08FD27BFCFF00B04F10856EA656D6191DBB0E984DBA4
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0C4
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0E9
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B0F3
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0081ACD3,?,00008000), ref: 0081B126
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CounterPerformanceQuerySleep
                                                                            • String ID:
                                                                            • API String ID: 2875609808-0
                                                                            • Opcode ID: 48a2ef8fb6b148cdac123c23a5e487312f96d426a28dff42fe670c231cd38b89
                                                                            • Instruction ID: da1fa793a2001e17270a5096d12a3f86bbcd1b0f2dc09c75e3182ef8c50a4a9d
                                                                            • Opcode Fuzzy Hash: 48a2ef8fb6b148cdac123c23a5e487312f96d426a28dff42fe670c231cd38b89
                                                                            • Instruction Fuzzy Hash: 38113931C0292DE7CF00AFE4E958AEEBB7CFF0A711F114089D955B2181DB309690CB51
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 00847E33
                                                                            • ScreenToClient.USER32(?,?), ref: 00847E4B
                                                                            • ScreenToClient.USER32(?,?), ref: 00847E6F
                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00847E8A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                            • String ID:
                                                                            • API String ID: 357397906-0
                                                                            • Opcode ID: 650e60726384ca0732650777651d1df83275e1d1b7f884e1c791fbf75fad9e48
                                                                            • Instruction ID: 0ddbd39e18f86e502b8d5086b5f87fbfb66fe1da482e0a9919193be094b3d241
                                                                            • Opcode Fuzzy Hash: 650e60726384ca0732650777651d1df83275e1d1b7f884e1c791fbf75fad9e48
                                                                            • Instruction Fuzzy Hash: 771153B9D0020AAFDB41CF98C884AEEBBF9FF19310F509166E915E3210D735AA54CF90
                                                                            APIs
                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00812DC5
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00812DD6
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00812DDD
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00812DE4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 2710830443-0
                                                                            • Opcode ID: ee6c6068d4d00478175ac7889816a09b3f5d876ebf92eab2c29cb7e5b680033f
                                                                            • Instruction ID: 47df54622771c2c631a9e814110f028368c56dbe4443fc2fb7b64ba95f0b0cba
                                                                            • Opcode Fuzzy Hash: ee6c6068d4d00478175ac7889816a09b3f5d876ebf92eab2c29cb7e5b680033f
                                                                            • Instruction Fuzzy Hash: 35E0EDB56022287AD7601BA2EC0DEEB7E6CFF57BA1F414119B506D10909AA58981C6B1
                                                                            APIs
                                                                              • Part of subcall function 007C9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C9693
                                                                              • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96A2
                                                                              • Part of subcall function 007C9639: BeginPath.GDI32(?), ref: 007C96B9
                                                                              • Part of subcall function 007C9639: SelectObject.GDI32(?,00000000), ref: 007C96E2
                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00848887
                                                                            • LineTo.GDI32(?,?,?), ref: 00848894
                                                                            • EndPath.GDI32(?), ref: 008488A4
                                                                            • StrokePath.GDI32(?), ref: 008488B2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                            • String ID:
                                                                            • API String ID: 1539411459-0
                                                                            • Opcode ID: 1d02b8c2d0304f3b9224204003e37026857f277bb04c0cdb940d10920d9ff681
                                                                            • Instruction ID: 20a38d9ed3dd85ae02279bfa6b9c1a4f6ad8188e8f8fe8181ec2984ddeb694ae
                                                                            • Opcode Fuzzy Hash: 1d02b8c2d0304f3b9224204003e37026857f277bb04c0cdb940d10920d9ff681
                                                                            • Instruction Fuzzy Hash: FFF03A3A042658FADB125F94AC0DFCE3F5DBF16310F448100FA11650E2CB795511CBA9
                                                                            APIs
                                                                            • GetSysColor.USER32(00000008), ref: 007C98CC
                                                                            • SetTextColor.GDI32(?,?), ref: 007C98D6
                                                                            • SetBkMode.GDI32(?,00000001), ref: 007C98E9
                                                                            • GetStockObject.GDI32(00000005), ref: 007C98F1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Color$ModeObjectStockText
                                                                            • String ID:
                                                                            • API String ID: 4037423528-0
                                                                            • Opcode ID: bb042d19db3b5bb4f6906f3dc882655ad4791df2d0d743e664fc3f8eb4fca947
                                                                            • Instruction ID: 87c73e50b79ce0d56a9dc8e4514ff6f1d15e70f6bbe25832d6a4961b6a7a5c5d
                                                                            • Opcode Fuzzy Hash: bb042d19db3b5bb4f6906f3dc882655ad4791df2d0d743e664fc3f8eb4fca947
                                                                            • Instruction Fuzzy Hash: 10E06D35645680AAEBA15B74AC09BE83F24FB16336F04821AF7FA980E1C7715640DB10
                                                                            APIs
                                                                            • GetCurrentThread.KERNEL32 ref: 00811634
                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081163B
                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008111D9), ref: 00811648
                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,008111D9), ref: 0081164F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                            • String ID:
                                                                            • API String ID: 3974789173-0
                                                                            • Opcode ID: a078a80f433d401bac9efca365a8b1257342b8008e380df04017da6c866e0e6d
                                                                            • Instruction ID: e64f9d6bbc5286c102c18ad84a9b7e0be76c1581370867597684db660c95620a
                                                                            • Opcode Fuzzy Hash: a078a80f433d401bac9efca365a8b1257342b8008e380df04017da6c866e0e6d
                                                                            • Instruction Fuzzy Hash: AEE04F356022119BDBA01FA19D0DB867B6CFF56791F144809F246C9090D6644480CB50
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0080D858
                                                                            • GetDC.USER32(00000000), ref: 0080D862
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
                                                                            • ReleaseDC.USER32(?), ref: 0080D8A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            • Opcode ID: 71af866e893cf2f108df2042461eec6fefa9a422a0a2af59f33a3eb0dc9d6d73
                                                                            • Instruction ID: 13321e3ed673f8acc9d190eacb0a759ad6745cbe7fdaf895e1cfbf6239a866b8
                                                                            • Opcode Fuzzy Hash: 71af866e893cf2f108df2042461eec6fefa9a422a0a2af59f33a3eb0dc9d6d73
                                                                            • Instruction Fuzzy Hash: 1AE01AB9801204DFCB919FA0D80CA6DBBB9FB19310F15D45DF806E7260C7388941EF40
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 0080D86C
                                                                            • GetDC.USER32(00000000), ref: 0080D876
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0080D882
                                                                            • ReleaseDC.USER32(?), ref: 0080D8A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            • Opcode ID: 92930487ac24d5aeb003586e5637af17dc9f4d468713c256e5f06a10f4043d81
                                                                            • Instruction ID: fb8f7df383d276537f4b873886af573eceff8f8f58ac5c3633cf56e53c440740
                                                                            • Opcode Fuzzy Hash: 92930487ac24d5aeb003586e5637af17dc9f4d468713c256e5f06a10f4043d81
                                                                            • Instruction Fuzzy Hash: 03E012B9801200EFCB91AFA0D80CA6DBBB9BB18310B15904DF80AE7260CB385901EF40
                                                                            APIs
                                                                              • Part of subcall function 007B7620: _wcslen.LIBCMT ref: 007B7625
                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00824ED4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Connection_wcslen
                                                                            • String ID: *$LPT
                                                                            • API String ID: 1725874428-3443410124
                                                                            • Opcode ID: 4486a246dbeed911b2aa277a325ae5d32884325d52cca0758779172d297efda7
                                                                            • Instruction ID: e455c64542f3f60f92b3bc824cbfb99804a26d372fdb64951ebe8365511e19c9
                                                                            • Opcode Fuzzy Hash: 4486a246dbeed911b2aa277a325ae5d32884325d52cca0758779172d297efda7
                                                                            • Instruction Fuzzy Hash: 90915D75A00214DFDB14DF54D584EA9BBF1FF84308F199099E80A9B3A2CB35ED85CBA1
                                                                            APIs
                                                                            • __startOneArgErrorHandling.LIBCMT ref: 007DE30D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorHandling__start
                                                                            • String ID: pow
                                                                            • API String ID: 3213639722-2276729525
                                                                            • Opcode ID: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
                                                                            • Instruction ID: d1aca00e533d87af2d3d85465686fa6d49425c17236073528bbe33e1683875b8
                                                                            • Opcode Fuzzy Hash: c24ba329d51ee94fb4fec6408fa400269111273a5592d596e66f879c91bccf1c
                                                                            • Instruction Fuzzy Hash: 55517D61A0D24296CB1BB715CD453793BB8FB44741F34899AF0D54A3E9EF3C8C81DA46
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            • Opcode ID: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
                                                                            • Instruction ID: a0e0574afa566caabd0df11704e73db328291abee784368646056cd2d93df8d9
                                                                            • Opcode Fuzzy Hash: 731caa0cacfd3f05764a35a1f52625675a7d55b90583395a9d3c5173bf92b4da
                                                                            • Instruction Fuzzy Hash: 4A513335601246DFDB25DF28C885BFA7BA8FF55310F24845DE891DB2C0DA389D42CBA0
                                                                            APIs
                                                                            • Sleep.KERNEL32(00000000), ref: 007CF2A2
                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 007CF2BB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: GlobalMemorySleepStatus
                                                                            • String ID: @
                                                                            • API String ID: 2783356886-2766056989
                                                                            • Opcode ID: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
                                                                            • Instruction ID: 3bde580d16c01c80ca60aa0703b44a4a87176a18361d47c7f36ffcf31841fa65
                                                                            • Opcode Fuzzy Hash: 4231ab75b2eb5cab69395742c67e2dbbb786614f2f3ecc27fb58f946dee20a4e
                                                                            • Instruction Fuzzy Hash: 26512472418744DBD320AF10D88ABABBBF8FB84300F85885DF199811A5EB748529CB67
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008357E0
                                                                            • _wcslen.LIBCMT ref: 008357EC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: BuffCharUpper_wcslen
                                                                            • String ID: CALLARGARRAY
                                                                            • API String ID: 157775604-1150593374
                                                                            • Opcode ID: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
                                                                            • Instruction ID: 9b4aa4ad0486f56b69684687b479536400e46f84f8c4f47c98e3771e86572609
                                                                            • Opcode Fuzzy Hash: 2a8cbcd6c6a20a1b1ad6bedc6c3ee26c616fc7a4865f1bb77bcf05fc963859a6
                                                                            • Instruction Fuzzy Hash: CE417B71A00209DFCB14EFA9C8869AEBBB5FF99724F14406DE505E7291E7349D81CBA0
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 0082D130
                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0082D13A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CrackInternet_wcslen
                                                                            • String ID: |
                                                                            • API String ID: 596671847-2343686810
                                                                            • Opcode ID: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
                                                                            • Instruction ID: 90cb027f29bb1966fd41cade51f9b97d776b7f7d4da69dfbe65080a66a028a56
                                                                            • Opcode Fuzzy Hash: e6bdfb16a3302687b4c644f36a6cbc6ef092c59fb416fecf6aec27b1ca3c13bc
                                                                            • Instruction Fuzzy Hash: DA313D71D00219EBCF15EFA4DC89AEEBFB9FF04304F100019F915A61A2E735AA56CB50
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 00843621
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0084365C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$DestroyMove
                                                                            • String ID: static
                                                                            • API String ID: 2139405536-2160076837
                                                                            • Opcode ID: cde8ff80f452406edd14703b4eca76a618658a3134d7b99c46acd22e846fe70e
                                                                            • Instruction ID: b38273474efd00566f789cc8dc224cdf0dea4106e98ef89d1b150c0d8388403b
                                                                            • Opcode Fuzzy Hash: cde8ff80f452406edd14703b4eca76a618658a3134d7b99c46acd22e846fe70e
                                                                            • Instruction Fuzzy Hash: 2E318B71100208AEDB109F28DC81FFB73A9FF98724F01961DF9A5D7280DA34AD91D760
                                                                            APIs
                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0084461F
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00844634
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: '
                                                                            • API String ID: 3850602802-1997036262
                                                                            • Opcode ID: ddc320d0b2ac1850c42bd35a704b1aa1591d15bcea3de07d3f71126650ad9518
                                                                            • Instruction ID: c4464c42456f18ed92abcffdef0fb7452e3bce76c10ba5e013144f27457a82e5
                                                                            • Opcode Fuzzy Hash: ddc320d0b2ac1850c42bd35a704b1aa1591d15bcea3de07d3f71126650ad9518
                                                                            • Instruction Fuzzy Hash: C1311674A0120A9FEF14CFA9C981BDABBB5FB09304F11516AE904EB341E770A941CF90
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0084327C
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00843287
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: Combobox
                                                                            • API String ID: 3850602802-2096851135
                                                                            • Opcode ID: 0f3fc38bb4fa408a60f52cc42f8321a926c22700b88828db42fa5a3438f93434
                                                                            • Instruction ID: 56c278f566167a7f9c7c240396078fed9a4896da22fac78da8aee52565d0a99f
                                                                            • Opcode Fuzzy Hash: 0f3fc38bb4fa408a60f52cc42f8321a926c22700b88828db42fa5a3438f93434
                                                                            • Instruction Fuzzy Hash: C811E27130021CBFFF219E54DC84EBB376AFB94365F104129F918E7290D6B19D518760
                                                                            APIs
                                                                              • Part of subcall function 007B600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 007B604C
                                                                              • Part of subcall function 007B600E: GetStockObject.GDI32(00000011), ref: 007B6060
                                                                              • Part of subcall function 007B600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B606A
                                                                            • GetWindowRect.USER32(00000000,?), ref: 0084377A
                                                                            • GetSysColor.USER32(00000012), ref: 00843794
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                            • String ID: static
                                                                            • API String ID: 1983116058-2160076837
                                                                            • Opcode ID: 98fb6cb6d2af43dfd6a7543cab4fda905cac549e0ee2f579513fbce18c972d3e
                                                                            • Instruction ID: bdebe9097ade9d6eb677833f92052c27917069f6c898326c9138d3eaf3068594
                                                                            • Opcode Fuzzy Hash: 98fb6cb6d2af43dfd6a7543cab4fda905cac549e0ee2f579513fbce18c972d3e
                                                                            • Instruction Fuzzy Hash: 1A1114B2610209AFDB00DFA8CC46AEA7BB8FB19314F014925F995E2250EB35E8519B60
                                                                            APIs
                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0082CD7D
                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0082CDA6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Internet$OpenOption
                                                                            • String ID: <local>
                                                                            • API String ID: 942729171-4266983199
                                                                            • Opcode ID: 7546942a85d1c6e1dbfb562718d782b7ccfa52b5ba45c7ef3892fb5f4ae9eb21
                                                                            • Instruction ID: 866c55de97b99e9a797e4d49d9dd54627f7970ff85f50d424ab671f10b64b5c5
                                                                            • Opcode Fuzzy Hash: 7546942a85d1c6e1dbfb562718d782b7ccfa52b5ba45c7ef3892fb5f4ae9eb21
                                                                            • Instruction Fuzzy Hash: CF11C675205635BAE7744B669C45EFBBE6CFF127A8F004226B109C3180D7749885D6F0
                                                                            APIs
                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 008434AB
                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008434BA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LengthMessageSendTextWindow
                                                                            • String ID: edit
                                                                            • API String ID: 2978978980-2167791130
                                                                            • Opcode ID: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
                                                                            • Instruction ID: 5ffc070907786c82c05a7ef23b8bbafb895468806aa7979e660796b310a58703
                                                                            • Opcode Fuzzy Hash: 0b05aa99c5084f3edc06199eae86ab3daaf553215719654eefe4616b8dbdac49
                                                                            • Instruction Fuzzy Hash: 1E118C7120020CABEB129E68DC44AEB3B6EFB25378F504324FA65D31E0C775DD519B68
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00816CB6
                                                                            • _wcslen.LIBCMT ref: 00816CC2
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: STOP
                                                                            • API String ID: 1256254125-2411985666
                                                                            • Opcode ID: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
                                                                            • Instruction ID: fe1d592cee2147167a732a5a081b95cd2af626aef173e5642108d64bb8716bb8
                                                                            • Opcode Fuzzy Hash: 0de969964638197b9059f1a4e327ba514083c316271e4de17f6dedfea8ee5a6e
                                                                            • Instruction Fuzzy Hash: 2001C832A005268BCB209FBDDC859FF77B9FF617147500524E9A2D6194FB35D990C690
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00811D4C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
                                                                            • Instruction ID: 355a8ff5885acc09cf363920a7c1f8545435a2eda2ff57a6f7f2e6c743d8a9b7
                                                                            • Opcode Fuzzy Hash: 44c664b64b4fc40eae469592dcfb40b3089f4f476fe2ffc8a953e8b8bd079b3f
                                                                            • Instruction Fuzzy Hash: 3E01D875601218AB8F04EBA4DC59DFE776CFF56350B140519FA36A73C1EA345948C660
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00811C46
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
                                                                            • Instruction ID: 3dbd65f795c5e87bdaf3cc0415f2a458daab8c1434daee9773a16fab64a6404e
                                                                            • Opcode Fuzzy Hash: afcc4f6516009f8c547af5e5925e11f1a9e452c6337d5b4a97c9769845ccd119
                                                                            • Instruction Fuzzy Hash: 24016775781108A7CF14EBA4C959AFFB7ACFF15340F140019BA27B7281EA649E48D6F1
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00811CC8
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: c929876f72f8c983fd04f0f3843675249c88346ce7b9cad841efd8ec880a2e34
                                                                            • Instruction ID: af2df4fd33fa047b78ba71b34cd1b64b27c7ef02900a72a847b160a2c4dac923
                                                                            • Opcode Fuzzy Hash: c929876f72f8c983fd04f0f3843675249c88346ce7b9cad841efd8ec880a2e34
                                                                            • Instruction Fuzzy Hash: 16016775641118A7CF14E7A4CA59AFE77ACFF11340B540015BA16F3281EA659F48C6F1
                                                                            APIs
                                                                              • Part of subcall function 007B9CB3: _wcslen.LIBCMT ref: 007B9CBD
                                                                              • Part of subcall function 00813CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00813CCA
                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00811DD3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: b9cad59d8d61aa57293a647d1a203afce2228bac2b7668dd5f16f7051381456e
                                                                            • Instruction ID: 8ed1e5e2453ce5bfbb9405e2f0c8d69b5130a39d5efa73596a3fa99c785b1b4a
                                                                            • Opcode Fuzzy Hash: b9cad59d8d61aa57293a647d1a203afce2228bac2b7668dd5f16f7051381456e
                                                                            • Instruction Fuzzy Hash: C7F0A471A41218A7DF04E7A4DC9ABFE776CFF02354F140919BA36E32C1EA64994882A1
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: 3, 3, 16, 1
                                                                            • API String ID: 176396367-3042988571
                                                                            • Opcode ID: 9f12e271cb67e940d73a0713f41820832bd969109cbe90b71bf67f98d2b41939
                                                                            • Instruction ID: dc864e4d952e30fa594f8c27769b698985bfc8a4d0c7135bbed5b46ae303ab39
                                                                            • Opcode Fuzzy Hash: 9f12e271cb67e940d73a0713f41820832bd969109cbe90b71bf67f98d2b41939
                                                                            • Instruction Fuzzy Hash: 91E06182305320719331137BDCC597F5699EFC9750B10182BF9C5C236AFAA8ED9193E5
                                                                            APIs
                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00810B23
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Message
                                                                            • String ID: AutoIt$Error allocating memory.
                                                                            • API String ID: 2030045667-4017498283
                                                                            • Opcode ID: caba219e3b5da8fe3256ef994c4a29f64d80ae7bb8af87367a6028fbb9836473
                                                                            • Instruction ID: a4b8b483dcb5d5ef85070187c6243648818fb49017b1517cb1003bd9dc536497
                                                                            • Opcode Fuzzy Hash: caba219e3b5da8fe3256ef994c4a29f64d80ae7bb8af87367a6028fbb9836473
                                                                            • Instruction Fuzzy Hash: C9E0923128931876D2102694BC07F897B88EF05B20F10442AF798955C38AE9649046E9
                                                                            APIs
                                                                              • Part of subcall function 007CF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007D0D71,?,?,?,007B100A), ref: 007CF7CE
                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,007B100A), ref: 007D0D75
                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007B100A), ref: 007D0D84
                                                                            Strings
                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007D0D7F
                                                                            Similarity
                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                            • API String ID: 55579361-631824599
                                                                            • Opcode ID: e547f1605994cf4680165de67cd9b24f8a37a5bb0e7f236ba47e2b23c8bf0abc
                                                                            • Instruction ID: a4fdf2cc0019c5a3ee43742a9bfa33ad10526c74e515400b607aa2db2b9dba03
                                                                            • Opcode Fuzzy Hash: e547f1605994cf4680165de67cd9b24f8a37a5bb0e7f236ba47e2b23c8bf0abc
                                                                            • Instruction Fuzzy Hash: E7E06D742003118BD3609FB8E4087427BF5BB04741F00492EE482C6752DBF8E444CBE1
                                                                            APIs
                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0082302F
                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00823044
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Temp$FileNamePath
                                                                            • String ID: aut
                                                                            • API String ID: 3285503233-3010740371
                                                                            • Opcode ID: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
                                                                            • Instruction ID: e81a3babe13f0b0b7251f081ce54f30b2f972fbd36cee2666586f44e4729a2d9
                                                                            • Opcode Fuzzy Hash: 33406ae8aef0cf0af239201b697ae239ba2021ab5c21085c1b2a3ce0146b08ef
                                                                            • Instruction Fuzzy Hash: 98D05E7650133867DA60A7A4AC4EFCB7B6CEB05750F0002A1B655E2091EAF4D984CAD4
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: LocalTime
                                                                            • String ID: %.3d$X64
                                                                            • API String ID: 481472006-1077770165
                                                                            • Opcode ID: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
                                                                            • Instruction ID: df0cb18d1ddec9aa742374055d307fbc4bcf8584641ed9bd7d9ab1f796f90e1b
                                                                            • Opcode Fuzzy Hash: 7110b61ffbe97b82b312c7f374fa5a5703d167400860c87300c3b0d261b88ea1
                                                                            • Instruction Fuzzy Hash: 5BD012A180931CEACBD096E0CC49DB9B37CFB18305F508466F80AD1080D768E948AB61
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084232C
                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0084233F
                                                                              • Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            • Opcode ID: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
                                                                            • Instruction ID: 936b23977f1e719fe3cf86902c85832c08ded0b433b843a78ac64a7cf2d884d5
                                                                            • Opcode Fuzzy Hash: c8576065b501445a9aae6b6921dc2c580df56daef686a73fc5c60daae4d3c665
                                                                            • Instruction Fuzzy Hash: 20D0A93A381300B6E2E8A7309C0FFCA6A18BB00B00F018A06770AEA1D0C8A4A801CA00
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084236C
                                                                            • PostMessageW.USER32(00000000), ref: 00842373
                                                                              • Part of subcall function 0081E97B: Sleep.KERNEL32 ref: 0081E9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            • Opcode ID: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
                                                                            • Instruction ID: 2d36e448977bbaa1e62ed39db9f3ddd06f4e3404d43831596448da2c508375ae
                                                                            • Opcode Fuzzy Hash: 4e1c624e1da4bd6ac43389eddc581ab89d77dc7f6dae138402ec877548a2774a
                                                                            • Instruction Fuzzy Hash: A6D0A9363823007AE2E8A7309C0FFCA6A18BB01B00F018A06770AEA1D0C8A4A801CA04
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 007EBE93
                                                                            • GetLastError.KERNEL32 ref: 007EBEA1
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007EBEFC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.1666810267.00000000007B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                            • Associated: 00000000.00000002.1666797023.00000000007B0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.000000000084C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666855579.0000000000872000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666895428.000000000087C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.1666908727.0000000000884000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7b0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1717984340-0
                                                                            • Opcode ID: 7b6ada164a8ca295b88806f991881dc366a0924043faf2c6e5892e392aa0dff9
                                                                            • Instruction ID: 6ab9e0bb520bff7adada0835ff20473fbf7aa37c125d7e425345c7e21e527321
                                                                            • Opcode Fuzzy Hash: 7b6ada164a8ca295b88806f991881dc366a0924043faf2c6e5892e392aa0dff9
                                                                            • Instruction Fuzzy Hash: 5341D735602286EFCF218FA6CC84ABB7FA5AF49310F144169F959972A1DB349D01DB60

                                                                            Execution Graph

                                                                            Execution Coverage:0.4%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:100%
                                                                            Total number of Nodes:6
                                                                            Total number of Limit Nodes:0
                                                                            execution_graph 5002 216e5a2aaf7 5003 216e5a2ab07 NtQuerySystemInformation 5002->5003 5004 216e5a2aaa4 5003->5004 5005 216e5a221f2 5006 216e5a22249 NtQuerySystemInformation 5005->5006 5007 216e5a205c4 5005->5007 5006->5007

                                                                            Callgraph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000011.00000002.2930560490.00000216E5A20000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000216E5A20000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_17_2_216e5a20000_firefox.jbxd
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID: #$#$#$4$>$>$>$A$z$z
                                                                            • API String ID: 3562636166-3072146587
                                                                            • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                            • Instruction ID: a189a58d83ed06289d81eea35a6f09fa28d654966723e619d27f684e8c731069
                                                                            • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                            • Instruction Fuzzy Hash: C4A3C339618B498BDB2DDF1DDC8A6E973E5FB98700F14422EDC4AC7255DE34E9028B81